Argus in promiscuous mode running in a firewall
gilson.soares at gmail.com
Mon Feb 4 17:54:19 EST 2013
I'm quite confused with promiscuous mode in Argus.
Promiscuous mode is used to capture packets whose destination is not to
argus sensor interface.
I think this is fine when your are capturing from a bridge interface or in
a argus sensor with port mirroring (correct?)
But if want to use Argus in a firewall with two interfaces (eth0-public and
eth1-localnet) with masquerading enabled, the outgoing traffic from inside
to outside, the eth1 "is the target destination" to reach outside.
In this case, promiscuous should be Enabled or Disabled ?
Did I miss something ?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the argus