[Snort-users] Snort on Linux Help
maylor at ...1991...
Mon Nov 26 08:49:04 EST 2001
Couldn't help but notice you said this was preloaded RH from Dell. Did
you mention whether or not iptables was running?
Or ipchains? I recommend "iptables -L -v -n -t filter".
You might want to reload RH (I recommend 7.1 or 7.2, I can tell you that
I successfully loaded 7.1 on our dell poweredge 2550 servers, it
autodetected the SCSI card and the 1Gb ethernet port as well :) ). I
usually don't like the way vendor's partition out *nix style harddrives.
From: David Wilkeson [mailto:davelist at ...4123...]
Sent: Monday, November 26, 2001 10:15 AM
To: Chris Grout; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Snort on Linux Help
At 03:39 PM 11/21/2001 -0800, you wrote:
>I'll ask the dumb questions...
>1. With Snort or your Ethereal running, does 'ifconfig' really show
>that interface as being in promiscious mode?
Nope. However, when I type "ifconfig eth0 promisc" it goes into
promiscuous mode, but it doesn't change the output of ethereal or
snort. So to recap, the syslog indicates the interface entering and
leaving promiscuous mode, but ifconfig does not report it in promiscuous
mode unless I manually put it into promiscuous mode.
>2. You are running this as root or with root priveledges right? I'd
>expect it to complain loudly if you weren't but figured I'd ask
>You do need root privs to put the NIC in to promisc mode and it sounds
>like syslog is reporting it as working. (but these are thee dumb
Yes I am.
>3. What brand of Linux? RedHat? Debian? Suse?
Redhat, loaded by Dell.
>4. With it running, do a 'netstat -i' (obsfucate your IP just to be
>safe), and send me the output. I think '-i' works in linux...
Are you sure that's the one you want? It really doesn't show much of
anything other than counters.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3457 bytes
Desc: not available
More information about the Snort-users