[Snort-users] Setting snort interface to "listen only"

Joe Lawson jlawson at ...1875...
Mon Apr 23 16:33:09 EDT 2001


Thanks for the help.  However, my W2K box will not let you enter either a or 127.0.0 address into the NIC TCP/IP address field.  I'll have to look further.


-----Original Message-----
From: shawn . moyer [mailto:shawn at ...1184...]
Sent: Monday, April 23, 2001 10:53 AM
To: Joe Lawson
Cc: 'Snort user List'
Subject: Re: [Snort-users] Setting snort interface to "listen only"

Joe Lawson wrote:

> I've got a Windows 2000 box running the Win32 version of snort.  I'd like to
> set the public interface (outside firewall) to listen only and have a
> private interface inside the firewall that will log to a syslog daemon.
> I've read that it is possible to not assign an IP address to the interface
> and still pick up packets on the wire.  I've tried to unbind the IP
> from the NIC and it doesn't appear to work.  Is there another way to
> accomplish this and if so what is it?

In *nix, I usually do this by setting the IP to or,
try the same in Win2K and see if it burps or not.



s h a w n   m o y e r
shawn at ...1184...

"Nuclear war would really set back cable."
	                     -- Ted Turner
