From owner-freebsd-questions Thu Dec 5 19:57:13 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2218337B401 for ; Thu, 5 Dec 2002 19:57:12 -0800 (PST) Received: from vms2.rit.edu (vms2.isc.rit.edu [129.21.3.9]) by mx1.FreeBSD.org (Postfix) with ESMTP id 44E1443EC5 for ; Thu, 5 Dec 2002 19:57:11 -0800 (PST) (envelope-from bjm1287@ritvax.isc.rit.edu) Received: from dogbert ([129.21.129.47]) by ritvax.isc.rit.edu (PMDF V5.2-32 #40294) with ESMTPA id <01KPOUH73GJSR9F9I5@ritvax.isc.rit.edu> for questions@FreeBSD.org; Thu, 5 Dec 2002 22:55:58 EST Date: Thu, 05 Dec 2002 22:55:25 -0500 From: Brian McCann Subject: IPFW & Snort To: questions@FreeBSD.org Message-id: <000c01c29cdb$4f651270$1500a8c0@dogbert> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Mailer: Microsoft Outlook, Build 10.0.2616 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Importance: Normal X-Priority: 3 (Normal) X-MSMail-priority: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Simple question for you all...but it evades me. I'm trying to setup a box that will monitor a network, but be totally invisible to that network, but it needs an IP since it will be using some programs like BigBrother and whatnot. So...my question is...if I use IPFW to block, for example, all ports and effectively totally blocking TCP/IP, will Snort still be able to capture TCP/IP packets? Has anyone tried/done this? Thanks & Happy Holidays, --Brian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message