[Snort-users] snort and demarc frontend and Promiscuous mode
erek at ...577...
Wed Sep 4 15:14:12 EDT 2002
On Wed, 4 Sep 2002, Lavin, John wrote:
> Do I need two network cards in order to run snort in Promiscuous mode?
> I am running this on a linux box with one nic card right now. So currently
> if I do a nmap scan from another linux box right at the box with snort
> loaded on it....
> nmap -O (ip address of the box)
> It will trigger the alerts.
> However If I scan another pc plugged into the same hub it does not report
> finding anything.
> so I think I need to adjust the mode or install another nic card then setup
> the Promiscuous mode.
Nope. Just read the FAQ.
> Can anyone please let me know how to do this or point me to the correct
> documentation. I know how to put in the nic and set it up, I just want to
> find out what the interfaces are labeled from snorts point of view and know
> what options I need to add to snort when I start it up.
Will show you all interfaces. Snort uses the same names as the OS.
If you are using a 'dual speed hub', then check out the FAQ.
If you are using a switch, setup SPAN (Cisco's) or use the 'monitor port'.
Hope that helps!
More information about the Snort-users