[Snort-users] stealth interface

Dallas Jordan DJordan at ...7041...
Tue Oct 1 13:12:42 EDT 2002


I am pretty new to snort, so forgive my ignorance.  I have FreeBSD 4.5 and
Snort 1.8.1.  I am trying to set Snort up to monitor an interface with no IP
address.  But I can't seem to get it to log anything to the /var/log/snort
directory.  When I start Snort everything appears to be fine.  I use the -v
flag to see if it is "seeing" anything, and I can see lots of packets on the
monitor.  But none are getting logged.  I am using the -l /var/log/snort
option for the logging.  I have my $HOME_NET 10.0.0.0/24 and EXTERNAL_NET
!$HOME_NET.  Don't know if that helps anyone.  I also have another NIC with
an IP address that I will use to access the snort box.  If I set up snort to
monitor this interface, it works as it should.  Everything gets logged into
directories according to IP addresses.  I also have a rule that alerts to
all TCP traffic, just to check if SnortSnarf is working correctly with my
alert file.  When Snort is monitoring the interface with no IP, no alerts are
logged.  But they are logged when monitoring the interface with an IP.  I
am sure it is something simple I'm missing, but I can't figure it out.
Thanks for any help you can give.  





