[Snort-users] stealth interface
WirthJe at ...4876...
Tue Oct 1 14:02:21 EDT 2002
From: Dallas Jordan [mailto:DJordan at ...7041...]
> I am pretty new to snort, so forgive my ignorance. I have
> FreeBSD 4.5 and
> Snort 1.8.1. I am trying to set Snort up to monitor an
> interface with no IP
I would upgrade to 1.8.7...lots of fixes
> address. But I cant seem to get it to log anything to the
> directory. When I start Snort everything appears to be fine.
> I use the -v
> flag to see if it is "seeing" anything, and I can see lots of
> !$HOME_NET. Don't know if that helps anyone. I also have
> another NIC with
> a IP address that I will use to access the snort box. If I
> set up snort to
> monitor this interface, it works as it should. Everything
> gets logged into
How is your first nic configured in rc.conf? Does ifconfig report the nic
> directories according to IP addresses. I also have a rule
> that alerts to
> all TCP traffic, just to check if SnortSnarf is working
> correctly with my
> alert file. When Snort is monitoring the interface with no
> IP no alerts are
> logged. But they are logged, when monitoring the interface
> with an IP. I
> am sure it is something simple I'm missing, but I cant figure it out.
> Thanks for any help you can give.
sounds OS related to me.
More information about the Snort-users