[Snort-users] Can snort use an unconfigured interface?

Corey Rock snort_sigs at ...125...
Fri May 21 13:40:06 EDT 2004


Is the NIC initialized?  It appears to be down.  Yes, you can grab packets 
in promisicuous mode, but the NIC has to be UP!

If you do ifconfig -a or ifconfig  sis0, what do you get?  It doesn't need 
an IP, but does need to be configured to have drivers loaded, and to be 'UP' 
and RUNNING.

Pcap can't open a NIC that's not running, which it looks like you have.....

(don't know BSD that well, but there must be some startup scripts for the 
NIC, on Linux it's /etc/sysconfig/network-scripts)

make sure the NIC is set to "onboot=yes"

[root at ...11745... root]# more  /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
BROADCAST=x.x.x.x
IPADDR=x.x.x.x
NETMASK=x.x.x.x
NETWORK=x.x.x.x
ONBOOT=yes


Corey
>From: "Shaun T. Erickson" <ste at ...11690...>
>Reply-To: ste at ...11690...
>To: snort-users at lists.sourceforge.net
>Subject: [Snort-users] Can snort use an unconfigured interface?
>Date: Fri, 21 May 2004 14:26:11 -0400
>
>I thought that you can put an initerface into promiscuous mode and grab 
>packets off the wire without it being configured up. I'd swear I've done 
>this in the past, but perhaps my memory fails me.
>
>I tried to have snort use a second, connected, but unconfigured, nic, to 
>listen on, but I get:
>
>>Initializing Network Interface sis0
>>ERROR: OpenPcap() device sis0 open:
>>         BIOCSETIF: sis0: Network is down
>>Fatal Error, Quitting..
>
>This is on FreeBSD 5.2.1.
>
>	-ste
>
>
>-------------------------------------------------------
>This SF.Net email is sponsored by: Oracle 10g
>Get certified on the hottest thing ever to hit the market... Oracle 10g. 
>Take an Oracle 10g class now, and we'll give you the exam FREE.
>http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users

_________________________________________________________________
Get 200+ ad-free, high-fidelity stations and LIVE Major League Baseball 
Gameday Audio! http://radio.msn.click-url.com/go/onm00200491ave/direct/01/





More information about the Snort-users mailing list