[Snort-users] no ip address on interface

Matt Kettler mkettler at ...4108...
Wed Nov 21 10:28:02 EST 2001


I run this kind of configuration on OpenBSD 2.8 and have no problems. The 
only unusual bit is that the interface with no IP address has to be forced 
up; the default boot leaves it down.

I run with: snort -k none -D -i rl1 -c /etc/snort.conf

The -k is just because the snort box is right behind a router that 
doesn't forward corrupted packets, so why waste the time checking checksums?


I'd make sure with tcpdump that the traffic of interest is actually 
appearing on that interface. Are you sure that port isn't on a normal 
switch port or something of the sort? tcpdump uses libpcap to grab packets, 
just like snort does, so it's a good first test.

At 11:19 AM 11/21/2001, Ronneil Camara wrote:
>Hi Guys,
>
>I'm using OpenBSD with 2 NICs. I didn't assign an IP on my
>/etc/hostname.fxp1 but I did on /etc/hostname.fxp0. I tried running
>snort but it couldn't see any traffic. This is the command that I run:
>snort -D -i fxp1 -l /var/log/snort -c /etc/snort
>
>Do I have to edit or recompile my kernel to add support for something,
>like pseudo-device for this to work?
>Btw, the content of my hostname.fxp1 is media 10baseT up
>
>and when I ifconfig fxp1, it says it's UP, PROMISC and so on.
>
>Thanks guys.
>
>Neil
>
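
The checks discussed in this thread (is the address-less interface actually up, is it in promiscuous mode, does it really have no IP) can be scripted. The following is an added example, not part of the original messages; the function name and the sample ifconfig output are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `ifconfig <if>` output for a capture-only interface.
# Reads ifconfig text on stdin; prints e.g. "state=up promisc=yes inet=no".
sniff_if_state() {
    awk '
        # The first line carries the flag list between "<" and ">".
        NR == 1 && match($0, /<[^>]*>/) {
            n = split(substr($0, RSTART + 1, RLENGTH - 2), f, ",")
            for (i = 1; i <= n; i++) flag[f[i]] = 1
        }
        # Any "inet" line means an IPv4 address is configured.
        $1 == "inet" { inet = "yes" }
        END {
            printf "state=%s promisc=%s inet=%s\n",
                (("UP" in flag) ? "up" : "down"),
                (("PROMISC" in flag) ? "yes" : "no"),
                (inet == "yes" ? "yes" : "no")
        }'
}

# Constructed sample outputs (not captured from a real host).
# Interface left down by the default boot, no address:
SAMPLE_DOWN='fxp1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet 10baseT'
# Forced up, no address, a sniffer holding it in promiscuous mode:
SAMPLE_READY='fxp1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet 10baseT
        status: active'
# Ordinary management interface with an address (documentation range):
SAMPLE_ADDR='fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255'

for s in "$SAMPLE_DOWN" "$SAMPLE_READY" "$SAMPLE_ADDR"; do
    printf '%s\n' "$s" | sniff_if_state
done

# On a live sensor the same function is fed from ifconfig, for example:
#   ifconfig rl1 | sniff_if_state
# If it reports state=down, bring the interface up and confirm with tcpdump
# that packets arrive before looking at the snort configuration:
#   ifconfig rl1 up
#   tcpdump -n -i rl1 -c 20
```
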




