[Snort-users] Snort on Linux Help

Michael Aylor maylor at ...1991...
Mon Nov 26 08:49:04 EST 2001


David,

Couldn't help but notice you said this was preloaded RH from Dell.  Did
you mention whether or not iptables was running?
Or ipchains?  I recommend "iptables -L -v -n -t filter".

You might want to reload RH (I recommend 7.1 or 7.2, I can tell you that
I successfully loaded 7.1 on our dell poweredge 2550 servers, it
autodetected the SCSI card and the 1Gb ethernet port as well :) ).  I
usually don't like the way vendor's partition out *nix style harddrives.

Mike

-----Original Message-----
From: David Wilkeson [mailto:davelist at ...4123...]
Sent: Monday, November 26, 2001 10:15 AM
To: Chris Grout; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Snort on Linux Help


At 03:39 PM 11/21/2001 -0800, you wrote:
>I'll ask the dumb questions...
>
>1.  With Snort or your Ethereal running, does 'ifconfig' really show
>that interface as being in promiscious mode?

Nope.  However, when I type "ifconfig eth0 promisc" it goes into 
promiscuous mode, but it doesn't change the output of ethereal or 
snort.  So to recap, the syslog indicates the interface entering and 
leaving promiscuous mode, but ifconfig does not report it in promiscuous

mode unless I manually put it into promiscuous mode.

>2.  You are running this as root or with root priveledges right?  I'd
>expect it to complain loudly if you weren't but figured I'd ask
anyways.
>You do need root privs to put the NIC in to promisc mode and it sounds
>like syslog is reporting it as working. (but these are thee dumb
>questions)

Yes I am.

>3.  What brand of Linux?  RedHat? Debian? Suse?

Redhat, loaded by Dell.

>4.  With it running, do a 'netstat -i' (obsfucate your IP just to be
>safe), and send me the output.  I think '-i' works in linux...

Are you sure that's the one you want?  It really doesn't show much of 
anything other than counters.

Dave



_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3457 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20011126/c53c6013/attachment.bin>


More information about the Snort-users mailing list