[Snort-users] Starting snort against multiple interfaces?

Bill Marquette wlmarque at ...8...
Tue Jun 19 16:19:51 EDT 2001


Kiira,
     http://snort.sourceforge.net/snort-daily.tar.gz contains a daily snapshot
of the CVS tree.  Be warned though, I believe it's a tarball of the actual CVS
tree, not the export (or checked out) tree.  This should at least get you around
your firewall issues :)  Alternately, I make a snapshot at midnight CDT, that is
a checked out version, it's available (if you want to trust me :)) at:
http://www.danger.ms/~billm/snort-current.tgz

--Bill


Kiira Triea <kiira-t at ...2337....org>
06/19/2001 01:52 PM

To:      fygrave at ...121... (Fyodor)
cc:      snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Starting snort against multiple interfaces?

Hi,


> On Tue, Jun 19, 2001 at 12:30:45PM -0400, Kiira Triea wrote:
> >
> > Ok, it's my day for goofy questions I guess. I have recompiled
> > snort using Sebastian Krahmer's patched libpcap, I am using a
> > 2.2.16 kernel and all went well with the build. If I understand
> > the docs I've found on this I should be able to start snort like:
> > './snort -D -i any -c snort.conf' and have it read from all nics?
> >
> > Instead I get
> >
> > Initializing Network Interface any
> > ioctl(SIOCGIFMTU): No such device
> > ERROR: Can not get MTU of an interface any!
> >
> > ????
>
> Looks like old snort (1.7x something) is used here. :) We have done a
> few fixes here:
> 1. It's recommended to use recent version from www.tcpdump.org, they have
> fixed a few things in Sebastian's code and incorporated the patch.
> 2. More recent snort, we have fixed support of interface 'any' in it :)


Yes Ok, I am using ver 1.7 from snort.org. Poop. When is ver. 8
expected ready for prime time? Getting cvs working is not going
through my firewall it looks.

thanks,

Kiira

