[Snort-users] no ip address on interface
mkettler at ...4108...
Wed Nov 21 10:28:02 EST 2001
I run this kind of configuration on OpenBSD 2.8 and have no problems. The
only unusual bit is that the interface with no IP address has to be forced
up, default boot leaves it down.
I run with: snort -k none -D -i rl1 -c /etc/snort.conf
and the -k is just because the snort box is right behind a router that
doesn't forward corrupted packets, so why waste the time checking checksums.
I'd make sure with tcpdump that the traffic of interest is actually
appearing on that interface. Are you sure that port isn't on a normal
switch port or something of the sort? tcpdump uses libpcap to grab packets,
just like snort does, so it's a good first test.
At 11:19 AM 11/21/2001, Ronneil Camara wrote:
>I'm using openbsd with 2 nics. I didn't assign an ip on my
>/etc/hostname.fxp1 but I did on /etc/hostname.fxp0. I tried running
>snort but it couldn't see any traffic. This is the command that I run;
>snort -D -i fxp1 -l /var/log/snort -c /etc/snort
>Do I have to edit or recompile my kernel to add support for something,
>like pseudo-device for this to work?
>Btw, the content of my hostname.fxp1 is media 10baseT up
>and when I ifconfig fxp1, it says, it's UP, PROMISC and so on.
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>Snort-users list archive:
More information about the Snort-users