[Snort-users] Setting snort interface to "listen only"

Joe Lawson jlawson at ...1875...
Mon Apr 23 16:33:09 EDT 2001


Shawn,

Thanks for the help.  However, My W2K box will not let you enter either a
0.0.0.0 or 127.0.0 address into the NIC TCP/IP address field.  I'll have to
look further.

Joe

-----Original Message-----
From: shawn . moyer [mailto:shawn at ...1184...]
Sent: Monday, April 23, 2001 10:53 AM
To: Joe Lawson
Cc: 'Snort user List'
Subject: Re: [Snort-users] Setting snort interface to "listen only"


Joe Lawson wrote:

> I've got a Windows 2000 box running the Win32 version of snort.  I'd like
to
> set the public interface (outside firewall) to listen only and have a
> private interface inside the firewall that will log to a syslog daemon.
> I've read that it is possible to not assign an IP address to the interface
> and still pick up packets on the wire.  I've tried to unbind the IP
address
> from the NIC and it doesn't appear to work.  Is there another way to
> accomplish this and if so what is it?

In *nix, I usually do this by setting the IP to 0.0.0.0 or 127.0.0.2,
try the same in Win2K and see if it burps or not.




--shawn

-- 

s h a w n   m o y e r
shawn at ...1184...

"Nuclear war would really set back cable."
	                     -- Ted Turner




More information about the Snort-users mailing list