1

how can a mirror all of the traffic on a network interface, to virtual interface

view story
linux-howto

http://serverfault.com – I am trying to setup snort to act as an ids, on a debian machine that also functions as a router. Ideally I would like to setup snort in such a way so that I would not have to purchase an additional network adapter just to have it listen to the same traffic that the debian machine is already handling. Having said that, what would be the best way to mirror traffic from an interface, and then send the mirrored traffic over to snort? Or would you recommend that I go along a different route? I was thinking a bridge could possibly work, but I am not sure if that would be the correct solution, any h (HowTos)