[Snort-users] Receive Only Cable...

Erek Adams erek at ...577...
Tue Jan 15 00:18:02 EST 2002


On Tue, 15 Jan 2002, Ian Masters wrote:

> I have a couple of questions about the setting up of Snort in stealth mode
> using a receive only cable:
>
> 1. In 3.1 of the faq there are 3 'A's. Is it necessary to follow all of
> these steps 1-3 or is it an either /or situation (obviously the 2nd and 3rd
> 'A' are basically the same step)?

Well, the first 'A' is in regards to the stealth interface whilst the others
are in regards to a r/o cable.

You can also have a look at the two docs I've archived on my lil' snort page.
One is already in the FAQ (Sam Ng's cable), while the other is just a useful
email I snagged from the honepots list.

http://www.theadamsfamily.net/~erek/snort

> 2. How is it possible to bring up an ethernet interface without the IP
> address on it? If someone could let me know I'd be very grateful.

IIRC, on most systems it's as simple as "ifconfig <int> up".  Some might
require an ip, if so use 0.0.0.0 as the IP.  As for yours...  Don't know.  I
don't have access to a RH box to confirm the exact commands.

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net






More information about the Snort-users mailing list