Re: [pmacct-discussion] pmacct's place in the network... passive host?

2006-04-29 Thread Sven Anderson
Duncan Shannon wrote:

> Is it as easy as downloading and setting it up? I guess the conflicts I'm
> wondering about would be does pmacct care that there is no IP on the
> interface and that it's in promiscuous mode?

The complexity of setting it up depends on the complexity of your needs. But
what definitely is not a problem is having an Ethernet adapter without an
IP address in promiscuous mode to passively monitor traffic from a mirrored
switch port, for instance. I'm doing exactly this. It just gives a
warning that there is no IP address configured, that's it.


Cheers,

Sven

-- 
Sven Anderson
Institute for Informatics - http://www.ifi.informatik.uni-goettingen.de
Georg-August-Universitaet Goettingen
Lotzestr. 16-18, 37083 Goettingen, Germany

___
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists


[pmacct-discussion] pmacct's place in the network... passive host?

2006-04-28 Thread Duncan Shannon
Hi-

I am trying to get a handle on traffic on a network, which has some
old-ish equipment, and we really can't get what we need/want from our
firewall, router etc.

I have a box that was set up to run Snort, with a passive Ethernet tap between
our router and firewall.

Eth0 is LAN
Eth1 is inbound traffic (in promiscuous mode) thru tap
Eth2 is outbound traffic (in promiscuous mode) thru tap

Pmacct looks like a great tool and I'd love to give it a try.

I did search a bit on the archives, but didn't find much. I'm very sorry
if this has been covered recently.

Can I run pmacct on my (Fedora) system that is seeing all in/out traffic
(for snort) that is on a passive Ethernet tap?

Is it as easy as downloading and setting it up? I guess the conflicts I'm
wondering about would be does pmacct care that there is no IP on the
interface and that it's in promiscuous mode?

Thanks very much in advance; I appreciate it.

duncan

Duncan Shannon
Techfluent, Inc.
(P) 612-338-1300
(F) 612-638-1310
[EMAIL PROTECTED]
www.techfluent.com

