Posts Tagged ‘Snort’

Streaming pcap to a dummy interface

Posted on 2015-10-05, 22:09, by bjorn, under Uncategorized.

In an earlier article, I described how to stream captured network traffic to a remote host for IDS analysis with Snort. Mikrotik units can stream captured traffic elsewhere using the TaZmen Sniffer Protocol (TZSP). tcpdump and Wireshark natively decode this protocol, but unfortunately it doesn’t seem to be supported by any other of the large […]

Tags: , , , , , ,
Comments Off on Streaming pcap to a dummy interface | Read the rest of this entry »

IDS with MikroTik and Snort

Posted on 2015-03-14, 19:07, by bjorn, under Uncategorized.

UPDATE: For more flexible streaming, and for not having to hack your Snort init scripts, you might want to consider this article as well. Now back to the scheduled program. Port mirroring on a strategically positioned switch can be the best setup for an IDS sensor. If that’s not an option, RouterOS-based MikroTik devices support […]

Tags: , , , , , ,
Comments Off on IDS with MikroTik and Snort | Read the rest of this entry »