[Snort-devel] Promiscious detection

Martin Roesch roesch at ...48...
Fri Feb 23 00:21:09 EST 2001

I think the -a switch will do what you're looking for.


Johan Samuelson wrote:
> > As far as i remember, this was only supposed to work on old linux kernels
> which
> > had a bug related to promisc. mode
> > but when bind did more testing he found that newer linux kernels and some
> > other operating systems were still misbehaving in regards to promisc mode.
> > So you might wanna test that arp test on your machine before drawing any
> > conclusions
> Yes, but still I think printing the hardware address associated with ARP
> requests/replies could be interesting in other cases as well. I don't see
> the
> point in limiting the -e switch to only dumping hardware addresses on IP
> datagrams, save for creating a compacter output that is.
> // Johan
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> http://lists.sourceforge.net/lists/listinfo/snort-devel

Martin Roesch
roesch at ...48...

More information about the Snort-devel mailing list