[Snort-users] interface on promiscuous mode ?

Sean T. Ballard stballard at ...4587...
Fri Mar 22 13:59:02 EST 2002


do ifconfig -promisc then tcpdump and see if it comes up

-----Original Message-----
From: Mike_Sands at ...5033... [mailto:Mike_Sands at ...5033...]
Sent: Friday, March 22, 2002 4:14 PM
To: Ashley Thomas
Cc: snort-users at lists.sourceforge.net;
snort-users-admin at lists.sourceforge.net
Subject: Re: [Snort-users] interface on promiscuous mode ?



Have you mirrored or spanned the ports on the switch that the machine is
connected to?

Mike Sands
Security / Network Engineer
Element K
'the knowledge catalyst'
www.elementk.com



Ashley Thomas <athomas at ...3539...>
Sent by: snort-users-admin at ...635...eforge.net
03/22/2002 02:10 PM

To: snort-users at lists.sourceforge.net
cc:
Subject: [Snort-users] interface on promiscuous mode ?




hi,

I am setting up Snort on a Linux machine and need the Ethernet interface
to be in stealth mode.

So I did a simple "ifconfig eth0 up"

and see the ifconfig -a as:

eth1      Link encap:Ethernet  HWaddr 00:03:86:45:BB:77
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1029434 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:5 Memory:f9000000-f9020000


But I see only ARP and broadcast packets when I do a tcpdump -i eth1

Looking at /var/log/messages, I don't see "device eth1 entered
promiscuous mode"

Is this the problem? How do I make it go into promiscuous mode?

thanks



_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
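
A way to check the state this thread is about, added here as an example and not taken from any of the posts: it tests the IFF_PROMISC bit in the flags word Linux exposes under /sys/class/net, and looks for PROMISC in ifconfig output. The function names, the script name and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): is an interface in promiscuous mode?
IFF_PROMISC=256   # 0x100, the IFF_PROMISC bit in <linux/if.h>

# flags_promisc HEX: succeeds if IFF_PROMISC is set in a flags word such as
# the one the kernel exposes in /sys/class/net/<iface>/flags.
flags_promisc() {
    [ $(( $1 & IFF_PROMISC )) -ne 0 ]
}

# ifconfig_promisc TEXT: succeeds if ifconfig output lists the PROMISC flag.
# ifconfig shows only the flag set administratively ("ifconfig eth1 promisc";
# "-promisc" clears it), so a sniffer that enables promiscuous reception
# itself may not appear here; the sysfs flags word reflects the kernel state.
ifconfig_promisc() {
    printf '%s\n' "$1" | grep -qw 'PROMISC'
}

# iface_promisc IFACE: 0 = promiscuous, 1 = not, 2 = interface not readable.
iface_promisc() {
    f="/sys/class/net/$1/flags"
    [ -r "$f" ] || return 2
    flags_promisc "$(cat "$f")"
}

# Constructed samples: the flags line from the post, and the same with PROMISC.
SAMPLE_POST='eth1      Link encap:Ethernet  HWaddr 00:03:86:45:BB:77
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'
SAMPLE_PROMISC='eth1      Link encap:Ethernet  HWaddr 00:03:86:45:BB:77
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1'

# Usage: sh check_promisc.sh eth1   (script name is hypothetical)
if [ -n "${1:-}" ]; then
    rc=0
    iface_promisc "$1" || rc=$?
    case $rc in
        0) echo "$1: promiscuous" ;;
        1) echo "$1: not promiscuous" ;;
        *) echo "$1: cannot read flags" >&2 ;;
    esac
fi
```

A set flag only means the NIC accepts every frame that reaches it; on a switch the traffic still has to be mirrored or spanned to the sensor's port, as asked in the reply above.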




