[Snort-users] RE: Win2K Pro Sniffing

Robert Reid rreid at ...7835...
Fri Oct 15 14:37:22 EDT 2004

The easiet method is to set the adapter to obtain its address from DHCP and
then disable the DHCP service. Keep in mind this will break 2000's ability
to dynamically update DNS, but that shouldn't be a problem on a IDS box.


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Jim Richards
Sent: Friday, October 15, 2004 7:15 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] RE: Win2K Pro Sniffing

You can find it here:



Original Message:

Let me apologize ahead of time if this has been posted before. 

This is what I have:

Windows 2000 Professional
Running SNORT, ACID, etc.

1 x NIC (Management) Configured for a Management Console to our Firewall
1 x NIC (SnifferNET) Connected outside the firewall sniffing on a (Real) HUB

What I need to do is Stealth my SnifferNET so prying eyes will have a hard
time finding it. I actually found a site with registry Hacks that give the
NIC a address and allow sniffing. Anybody know where or how to do
this? I don't remember the site and Browser History is of no help. I have
spent most of the day trying to find it to no avail...

I really didn't want to use the Windows box but, my Firewall management
software won't run on Linux and I am out of boxes to spare....

Mike French
MIS OnlineServices
754 Port America Place
Suite 150
Grapevine, TX 76051
(888) 327-5647
(817) 488-1600
FAX (817) 488-1103
MikeF at ...12560...

This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use
IT products in your business? Tell us what you think of them. Give us Your
Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list