[Snort-users] eth0 leaving promiscuous mode
marko at ...303...
Wed Oct 25 02:09:30 EDT 2000
Yes, I was, until Fyofor asked me the same question. :-)
As soon as I stopped using the -D option, it started working the way I
expected it to work.
Martin Roesch wrote:
> Are you running in daemon mode?
> Marko Jennings wrote:
> > Hi,
> > I am running snort-1.6.3-patch2 on a Pentium 133MHz with 96MB of RAM
> > under Red Hat 6.2 (2.2.14-5.0 kernel). My problem is that the network
> > card seems to be leaving promiscuous mode immediately after it enters it
> > when snort starts. Because of that, only traffic to and from it's
> > address is being analyzed. Below are relevant syslog messages.
> > Oct 14 21:08:46 usdtwids0001 kernel: snort uses obsolete
> > (PF_INET,SOCK_PACKET)
> > Oct 14 21:08:46 usdtwids0001 kernel: device eth0 entered promiscuous
> > mode
> > Oct 14 21:08:46 usdtwids0001 kernel: device eth0 left promiscuous mode
> > Oct 14 21:08:46 usdtwids0001 snort:
> > Oct 14 21:08:46 usdtwids0001 snort: Initializing Network Interface...
> > Oct 14 21:08:46 usdtwids0001 snort: Initializing daemon mode
> > Oct 14 21:08:46 usdtwids0001 snort: Starting NIDS succeeded
> > I have another box where this does not happen, and I don't know what is
> > making the difference. I tried three different network cards (two
> > 3com's and one Intel) and nothing changed.
> > I would greatly appreciate any help.
> > Sincerely,
> > Marko Jennings
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > http://lists.sourceforge.net/mailman/listinfo/snort-users
> Martin Roesch
> roesch at ...421...
More information about the Snort-users