[Snort-users] Setting snort interface to "listen only"
jlawson at ...1875...
Mon Apr 23 16:33:09 EDT 2001
Thanks for the help. However, My W2K box will not let you enter either a
0.0.0.0 or 127.0.0 address into the NIC TCP/IP address field. I'll have to
From: shawn . moyer [mailto:shawn at ...1184...]
Sent: Monday, April 23, 2001 10:53 AM
To: Joe Lawson
Cc: 'Snort user List'
Subject: Re: [Snort-users] Setting snort interface to "listen only"
Joe Lawson wrote:
> I've got a Windows 2000 box running the Win32 version of snort. I'd like
> set the public interface (outside firewall) to listen only and have a
> private interface inside the firewall that will log to a syslog daemon.
> I've read that it is possible to not assign an IP address to the interface
> and still pick up packets on the wire. I've tried to unbind the IP
> from the NIC and it doesn't appear to work. Is there another way to
> accomplish this and if so what is it?
In *nix, I usually do this by setting the IP to 0.0.0.0 or 127.0.0.2,
try the same in Win2K and see if it burps or not.
s h a w n m o y e r
shawn at ...1184...
"Nuclear war would really set back cable."
-- Ted Turner
More information about the Snort-users