[Snort-devel] VLAN tagging

Keith R Kilby krkilby at ...1875...
Wed Mar 26 03:38:25 EST 2003


  I am currently involved in producing a small portable IDS and use a 
Dell Latitude C810 and Redhat 8.

I have configured the machine to use the in built 3C905 NIC or the Dell 
Cdock II docking stations NIC again a 3C905.

The Redhat kernel has been configured to support 802.1Q VLAN tagging and 
 works when tested with telnet, HTTP etc. However when I try to set up 
Snort to use the VLAN tag eg eth0.1 or eth1.1 it falls over with an 
error saying it does not recognise the device.
I have read the archives which suggest that snort does support single 
depth vlanning.

Anybody got any pointers hints while I dig into the snort code as well 
as the NIC code?

Regards
Keith

PS I like snort it has performed very well so far on single LAN 
interfaces. KK
------------------------------------------------------------------------
[root at ...1876... root]# snort -b -i eth1.1 -l /var/log/snort
Log directory = /var/log/snort

Initializing Network Interface eth1.1
ioctl(SIOC*MTU): No such device
Automagic MTU discovery failed. Using default 1500ERROR: OpenPcap() 
device eth1.1 open:
        bind: No such device
Fatal Error, Quitting..
[root at ...1876... root]# ifconfig
eth1      Link encap:Ethernet  HWaddr 00:B0:D0:BD:57:CE
          inet addr:10.184.83.47  Bcast:10.184.127.255  Mask:255.255.192.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:50599 errors:0 dropped:0 overruns:651 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:5833399 (5.5 Mb)  TX bytes:300 (300.0 b)
          Interrupt:3 Base address:0xf400

eth1:1    Link encap:Ethernet  HWaddr 00:B0:D0:BD:57:CE
          inet addr:10.184.83.48  Bcast:10.184.127.255  Mask:255.255.192.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:3 Base address:0xf400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1348 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1348 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:952058 (929.7 Kb)  TX bytes:952058 (929.7 Kb)

[root at ...1876... root]#





More information about the Snort-devel mailing list