[Snort-users] Promiscuouls Mode Question
erek at ...577...
Sun Sep 2 09:24:02 EDT 2001
On Sun, 2 Sep 2001, Jim Kipp wrote:
> If I run snort or tcpdump(on eth0), then do ifconfig -a eth0, it does
> not report PROMISC. Only when I manually set promisc does it report it.
> But tcpdump seems to be sniffing everything. Is this normal?
Well, I'm not a cable modem user, but I play one in 'The Young and The
Seriously, look at the traffic. Is it only traffic bound for your IP? If so,
you're seeing what you should be when not in promisc mode. If that's the
case, then yes, it's all working as it should.
Try doing a 'tcpdump not host <foo>' with <foo> being your host. If you see
traffic to/from other boxes other than ARP, then there is something kinda odd
Hope this helps!
More information about the Snort-users