[Snort-users] [Snorting 2 NICs]

Petr Ruzicka petr_ruzicka at ...131...
Mon Jun 10 06:06:04 EDT 2002


I installed Snort with four NICs without a problem. I
also get the warning "...no IPv4 address assigned..",
however Snort was snorting :o]

Petr R.
--- Gregory D Hough <mr6re9 at ...6025...> wrote:
> Greetings Group,
> 
> I have Snort running into MySQL. I use ACID to view alerts. Snort works fine
> when started as: snort -c /usr/local/etc/snort/snort.conf -i eth0 -D but this
> is my internal interface. When fired up for eth1 (IP address ppp0) I get this
> in /var/log/messages:
> 
> WARNING: OpenPcap() device eth1 network lookup: ^Ieth1: no Ipv4 address assigned
> Initializing daemon mode
> WARNING: OpenPcap() device eth1 network lookup: ^Ieth1: no Ipv4 address assigned
> PID stat checked out ok, PID set to /var/run
> Writing PID file to "/var/run"
> Snort initialization completed successfully, Snort running
> 
> Obviously Snort sees no traffic whatsoever. Is there any way to initialize
> Snort with two sensors, eth0 and ppp0?
> 
> This is on a tutorial HOME_NET, with a Linux gateway machine and two other
> boxes inside, one Linux and one Win. I'd like to continue monitoring the
> internal due to the Win box. I have mulled over the excellent documentation
> for setting the whole thing up, thanks to everyone involved. I just haven't
> found an answer to this type of setup yet.
> 
> Thanks for any clues,
> farmer6re9
> 
> PS- Poll Contrib:
> 
> month/year of capture: 05/21/2002 to 06/10/2002
> 
> version of snort: snort-1.8.6
> 
> description of rules enabled - default? all? custom (please give details):
> default
> 
> sensor environment - what kind/size of organisation, location of sensor etc:
> home network/3 boxen eth0 before hub on gateway machine
> 
> inside some kind of firewall (Y/N): Y iptables
> 
> bandwidth sniffed (ISDN, ADSL, 10, 100, gigabit etc): ADSL
> 
> duration of sniffing (days): 20
> 
> total number of alerts raised: 185
> 
> format of alerting - text/fast, text/full (this is the default), tcpdump,
> database (what type?) etc: default, MySQL-3.23.43-1
> 
> payloads captured (Y/N): Y
> 
> total disk space taken by the alerts (including payloads if captured,
> database indexes etc): 92.1 KB's
> 