[Snort-users] Promiscuous mode (again)

snortlst snortlst snortlst at ...125...
Tue Sep 18 08:48:04 EDT 2001


from the FAQ:
Run Snort in sniffer mode (snort -dvi eth0) and make sure it can see the
   packets.  Then run it with the HOME_NET set appropriately for the network
   you're defending in your rules file.  A default rules file comes with the
   snort distribution and is called "snort.conf" You can run this basic ruleset
   with the following command line:
  
   snort -Afull -c snort.conf

   If it's all set right, once it's running do an "ifconfig -a" and make sure
   the interface is in promiscuous mode (it'll say so in the options section of
   the printout).  If it's not, there should be a way to set it manually. 
  
So according to that it is mandatory to have NIC in promiscuous mode on snort machine.....one of the guys send me an answer that it is not mandatory.....
Can anybody clarify this issue?
(On the other hand - what's the use of having promiscuous mode if we use swithches on the network?)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20010918/4a2d2e0f/attachment.html>


More information about the Snort-users mailing list