[Snort-users] Setting snort interface to "listen only"

shawn . moyer shawn at ...1184...
Mon Apr 23 10:52:55 EDT 2001


Joe Lawson wrote:

> I've got a Windows 2000 box running the Win32 version of snort.  I'd like to
> set the public interface (outside firewall) to listen only and have a
> private interface inside the firewall that will log to a syslog daemon.
> I've read that it is possible to not assign an IP address to the interface
> and still pick up packets on the wire.  I've tried to unbind the IP address
> from the NIC and it doesn't appear to work.  Is there another way to
> accomplish this and if so what is it?

In *nix, I usually do this by setting the IP to 0.0.0.0 or 127.0.0.2,
try the same in Win2K and see if it burps or not.




--shawn

-- 

s h a w n   m o y e r
shawn at ...1184...

"Nuclear war would really set back cable."
	                     -- Ted Turner




More information about the Snort-users mailing list