[Snort-users] Hmmm.. Not setting promiscuous mode

Ryan Russell ryan at ...35...
Tue Jul 18 12:43:00 EDT 2000


I've used the newer libpcap stuff from the tcpdump.org guys with no
trouble, provided I install bison.  The stock yacc doesn't seem to cut
it.  This was not specificially w/snort tho.. it's with dsniff, tcpdump,
juggernaut, hunt, etc..

Does snort have a particular libpcap version requirement?

					Ryan

On Tue, 18 Jul 2000 David.Hoelzer at ...30... wrote:

> 
> 
> Ah ha...
> 
>      I'm running Mandrake 7.1 as well.  It turns out that I replaced my 0.4 libpcap with the .5 since the last time I
> ran snort.  The .5 pcap is NOT compatible.  If I have some time I'll see about creating a diff file to fix for those who
> want to move to .5.
> 
> Thanks!
> 
> 
> 
> 
> "Pinaud Bruno" <bpinaud at ...12...> on 07/18/2000 12:23:38 PM
> 
> To:   snort-users at lists.sourceforge.net
> cc:    (bcc: David Hoelzer/SMC)
> 
> Subject:  Re: [Snort-users] Hmmm.. Not setting promiscuous mode
> 
> 
> 
> 
> What is your version ?
> What is your os ?
> I'm using linux (Mandrake 7.1) i've got no problems with that.
> 
> 
> ----- Original Message -----
> From: <David.Hoelzer at ...30...>
> To: <snort-users at lists.sourceforge.net>
> Sent: Tuesday, July 18, 2000 6:52 PM
> Subject: [Snort-users] Hmmm.. Not setting promiscuous mode
> 
> 
> >
> >
> > Ok... I'm not new to snort or network sniffing by any means..  I haven't
> used Snort since version 1.3 or so, so I
> > thought it was time to try out what's new.  The trouble is that it doesn't
> set the interface into promiscuous mode for
> > some weird reason.  Yes, I'm running it as root, yes the adapter supports
> Promisc mode (tcpdump works just fine).  What
> > the heck am I missing?
> >
> >
> > sample command line:
> >
> > snort -i eth1 -v
> >
> >
> > The only packets that are captured are broadcasts and stuff directly
> to/from the machine.
> >
> > (Before you ask, let me settle a few more questions that I know I will
> see.  Yes, I'm sure there's traffic, No, it's not
> > plugged into a switch (note above, tcpdump works fine))
> >
> > Thanks!
> >
> >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > http://lists.sourceforge.net/mailman/listinfo/snort-users
> 
> 
> ______________________________________________________________________________
> message envoye depuis http://www.ifrance.com
> emails (pop)-sites persos (espace illimite)-agenda-favoris (bookmarks)-forums
> Ecoutez ce message par tel ! : 08 92 68 92 15 (france uniquement)
> 
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users
> 
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users
> 





More information about the Snort-users mailing list