[Snort-users] stealth interface

Dallas Jordan DJordan at ...7041...
Tue Oct 1 14:20:33 EDT 2002


I replaced the 10baseT NIC with a 100baseT NIC and everything is working
perfectly now.  I guess it's possible that the problem with the 10baseT NIC
is OS related?  Thanks for everyone's help. 

 -----Original Message-----
From: 	Wirth, Jeff [mailto:WirthJe at ...4876...] 
Sent:	Tuesday, October 01, 2002 5:00 PM
To:	'Dallas Jordan'
Cc:	'snort-users at lists.sourceforge.net'
Subject:	RE: [Snort-users] stealth interface


From: Dallas Jordan [mailto:DJordan at ...7041...]
 
> I am pretty new to snort, so forgive my ignorance.  I have FreeBSD 4.5 and
> Snort 1.8.1.  I am trying to set Snort up to monitor an interface with no IP


I would upgrade to 1.8.7...lots of fixes


> address.  But I can't seem to get it to log anything to the /var/log/snort
> directory.  When I start Snort everything appears to be fine.  I use the -v
> flag to see if it is "seeing" anything, and I can see lots of

<snip>

> !$HOME_NET.  Don't know if that helps anyone.  I also have another NIC with
> an IP address that I will use to access the snort box.  If I set up snort to
> monitor this interface, it works as it should.  Everything gets logged into


How is your first NIC configured in rc.conf?  Does ifconfig report the NIC
as up?


> directories according to IP addresses.  I also have a rule that alerts to
> all TCP traffic, just to check if SnortSnarf is working correctly with my
> alert file.  When Snort is monitoring the interface with no IP no alerts are
> logged.  But they are logged, when monitoring the interface with an IP.  I
> am sure it is something simple I'm missing, but I can't figure it out.
> Thanks for any help you can give.
>


Sounds OS related to me.

- Jeff



