[Snort-users] no ip on interface?
michael at ...3137...
Thu Sep 12 09:48:06 EDT 2002
On Thu, Sep 12, 2002 at 04:10:47PM +0000, T.Shaw wrote:
> Hello all..
> this might be a stupid question.. but here goes..I have snort 1.8.7
> up and running loggin to a pgsql database. I haven't installed ACID as
> of yet. I have configured snort to look at all traffic at an interface
> that currently doesnt have an ip assigned to it. Basically the interface
> is just up ( this is a linux box with two interfaces on it) What im
> wondering is even tho i have no ip on the interface, will snort still
> be able to dump alerts and data into the database? Using a normal
> sniffer (ethereal, tcpdump) i can view the traffic on the interface by
> specifying the (usually) the -i parameter. If i gave snort a smiliar
> parameter.. everything should be fine correct? Would this screw up
> reporting and alerts?
First bring up your sniffer interface with:
/sbin/ifconfig eth1 up
For snort use '-i' to specify interface ('-i eth1').
Snort doesn't need an IP on the interface it sniffs on. Most of my snort
installations are sniffing from a ip-less interface.
Student, Husband, Geek. Not necessary in that order thought.
More information about the Snort-users