[Snort-users] Snort 1.7 on FreeBSD 4.2, unnumbered Interfaces?
dwhite at ...1486...
Mon Apr 2 17:06:58 EDT 2001
On Mon, 2 Apr 2001, Tom Sevy wrote:
> I have a switched environment, where I will need to tap four switches in
> order to see the entire segment.
> Is it possible to setup FreeBSD such that the interfaces do not have an IP
> address? And secondly, can Snort listen to those interfaces?
I'll give some more details .. :)
You can cheat and use the dhcp trick of configuring the IP address as
'0.0.0.0' to get the interface up so you can bpf it. If you can configure
the switch to disallow incoming packets (Cisco Catalysts can), or use a
clipped connector, all the better.
Doug White | FreeBSD: The Power to Serve
dwhite at ...1486... | www.FreeBSD.org
More information about the Snort-users