Argus in promiscuous mode running in a firewall
Carter Bullard
carter at qosient.com
Mon Feb 4 19:18:13 EST 2013
Hey Gilson,
Normally, within a switch / router / firewall, you would not use promiscuous mode,
as you want to process the packets that the device will / would actually process.
Carter
On Feb 4, 2013, at 5:54 PM, Gilson Soares <gilson.soares at gmail.com> wrote:
> I'm quite confused with promiscuous mode in Argus.
>
> Promiscuous mode is used to capture packets whose destination is not to argus sensor interface.
> I think this is fine when your are capturing from a bridge interface or in a argus sensor with port mirroring (correct?)
>
> But if want to use Argus in a firewall with two interfaces (eth0-public and eth1-localnet) with masquerading enabled, the outgoing traffic from inside to outside, the eth1 "is the target destination" to reach outside.
>
> In this case, promiscuous should be Enabled or Disabled ?
>
> Did I miss something ?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130204/1c865aa9/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4367 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130204/1c865aa9/attachment.bin>
More information about the argus
mailing list