[Snort-users] Promiscuous mode (again)
snortlst at ...125...
Tue Sep 18 08:48:04 EDT 2001
from the FAQ:
Run Snort in sniffer mode (snort -dvi eth0) and make sure it can see the
packets. Then run it with the HOME_NET set appropriately for the network
you're defending in your rules file. A default rules file comes with the
snort distribution and is called "snort.conf" You can run this basic ruleset
with the following command line:
snort -Afull -c snort.conf
If it's all set right, once it's running do an "ifconfig -a" and make sure
the interface is in promiscuous mode (it'll say so in the options section of
the printout). If it's not, there should be a way to set it manually.
So according to that it is mandatory to have NIC in promiscuous mode on snort machine.....one of the guys send me an answer that it is not mandatory.....
Can anybody clarify this issue?
(On the other hand - what's the use of having promiscuous mode if we use swithches on the network?)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users