[Snort-users] Can snort use an unconfigured interface?
snort_sigs at ...125...
Fri May 21 13:40:06 EDT 2004
Is the NIC initialized? It appears to be down. Yes, you can grab packets
in promisicuous mode, but the NIC has to be UP!
If you do ifconfig -a or ifconfig sis0, what do you get? It doesn't need
an IP, but does need to be configured to have drivers loaded, and to be 'UP'
Pcap can't open a NIC that's not running, which it looks like you have.....
(don't know BSD that well, but there must be some startup scripts for the
NIC, on Linux it's /etc/sysconfig/network-scripts)
make sure the NIC is set to "onboot=yes"
[root at ...11745... root]# more /etc/sysconfig/network-scripts/ifcfg-eth0
>From: "Shaun T. Erickson" <ste at ...11690...>
>Reply-To: ste at ...11690...
>To: snort-users at lists.sourceforge.net
>Subject: [Snort-users] Can snort use an unconfigured interface?
>Date: Fri, 21 May 2004 14:26:11 -0400
>I thought that you can put an initerface into promiscuous mode and grab
>packets off the wire without it being configured up. I'd swear I've done
>this in the past, but perhaps my memory fails me.
>I tried to have snort use a second, connected, but unconfigured, nic, to
>listen on, but I get:
>>Initializing Network Interface sis0
>>ERROR: OpenPcap() device sis0 open:
>> BIOCSETIF: sis0: Network is down
>>Fatal Error, Quitting..
>This is on FreeBSD 5.2.1.
>This SF.Net email is sponsored by: Oracle 10g
>Get certified on the hottest thing ever to hit the market... Oracle 10g.
>Take an Oracle 10g class now, and we'll give you the exam FREE.
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>Snort-users list archive:
Get 200+ ad-free, high-fidelity stations and LIVE Major League Baseball
Gameday Audio! http://radio.msn.click-url.com/go/onm00200491ave/direct/01/
More information about the Snort-users