[Snort-users] Very basic question

Matt Kettler mkettler at ...4108...
Wed May 21 11:59:08 EDT 2003


This is FAQ 3.2 of the version of the FAQ on the website:
http://www.snort.org/docs/faq.html#3.2

you just don't configure the interface and then force it up with ifup.

 From there snort can sniff packets just fine..

and before you ask, yes you can have IPTables blocking packets and snort 
will still see them.. snort sniffs at the ethernet level, not the IP stack 
level.


At 01:55 PM 5/21/2003 -0400, Ryan Koster wrote:
>Sorry for a basic question but I am new to all this.  I am running Redhat 
>9 with two nics.  I would like to set eth0 with no ip address but still be 
>able to listen for IP traffic.  Can someone please tell me how this is done?





More information about the Snort-users mailing list