[Snort-users] Dual ethernet cards under Linux - could be of use to others

Jason Haar Jason.Haar at ...294...
Thu Nov 2 22:07:00 EST 2000


On Thu, Nov 02, 2000 at 08:37:05PM -0500, Guy Bruneau wrote:
> Jason,
> 
> The way I have done it is by turning the second card into promicous mode in the
> following way  at startup. In rc.local add:
> 
> /sbin/ifconfig eth0 0.0.0.0 promisc
> 
> The result of ifconfig shows the following
> 
> eth0      Link encap:Ethernet  HWaddr xx:xx:xx:xx:xx:xx
>           UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
>           RX packets:26731 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           Interrupt:10 Base address:0xd000
> 
> Keeping the card invisible to the network. Check out the statistics. 26731
> packets received and nothing else. The other card (management) has IPChains
> blocking everything.

Interesting  - that doesn't work here...

My eth1 is reporting:

RX packets:113043
TX packets: 46

I'm running arpwatch as well as it's show my MAC address "flip-flopping" -
one moment it's the MAC address of eth0, the next it's eth1...

-- 
Cheers

Jason Haar

Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417



More information about the Snort-users mailing list