[Snort-users] Re: [snort] RE: snort-digest V1 #141

Jeff Nathan jeff at ...2...
Thu Jul 13 15:41:01 EDT 2000


You simply use: ifconfig <interface> up, provided the kernel recognizes
the device.  The device is capable of capturing packets promiscuously
and is unable to send any traffic.  It's interaction with the network is
obviously limited, this sort of implementation is really only useful
when you're using a span port on a switch.

-Jeff


d0rk wrote:
> 
> How do you bring up an interface without an addy? How does it act on the
> network? Does it just listen to everything?
> 
> __In response to:__
> Technically, you can certainly use a SPAN port.  As you mentioned below,
> the box would have to be multihomed in order to actively alert.  However
> to simply listen promiscuously, an interface need not even have an IP
> address, merely be 'up'.

-- 
Jeff Nathan                          <jeff at ...2...>
Core R&D                         http://www.hiverworld.com
Hiverworld, Inc.       Continuous Adaptive Risk Management





More information about the Snort-users mailing list