[Snort-users] Network Card and promiscious mode

Martin Roesch roesch at ...421...
Fri Jan 26 22:27:37 EST 2001


Hi Trevor,
     If you're running on windows, you're going to need to get winpcap. 
There's a link to it at Mike Davis' page
(http://www.datanerds.net/~mike).
     As for a *NIX variant to run, Linux is fine if you're comfortable
with it, I hear that the performance of the 2.4 kernel is pretty good
these days.  I personally prefer the BSD operating systems (specifically
OpenBSD and FreeBSD) for dedicated sensors.

    -Marty

"Hearn, Trevor" wrote:
> 
> Hello everyone.
> Im a new snorter.  I just got thru re-formatting a server that had been
> running NFR.  I liked it, but it was WAY too expensive for my budget.  I
> d/l'ed the new windows version of snort 1.6.3, and got it running.  I have a
> question that probably is an easy answer, but i'm not sure which way to go.
> 
> If I am running a machine with WIN98, how do I get the network card to run
> in promiscious mode?  If I don't setup TCP/IP, will I be invisible to the
> network?  I know that NFR did not require setup on the adapter that was
> connected to the monitored network, but I was unsure how to get the same
> results from WIN98.
> 
> I also plan to get it running on a server with Redhat 7.0.  Any suggestions
> about my choice of OS?  Thanks guys.
> 
> Skydog
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users

--
Martin Roesch
roesch at ...421...
http://www.snort.org




More information about the Snort-users mailing list