[Snort-users] OBSD / PROMISCUOUS

Andre' M. DiMino tsamp77 at ...549...
Mon Sep 19 08:48:21 EDT 2005

I bring up my non-IP nics directly with ifconfig:

ifconfig eth1 up promisc


It brings up the nic without an IP address and puts it in promiscuous mode.








From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Sean Kiewiet
Sent: Monday, September 19, 2005 10:00 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] OBSD / PROMISCUOUS


Hey all:





I have a machine with 4 nics running 4 instances of snort:


/usr/local/bin/snort -u sguil -g sguil -l /nsm/em0 -c
/etc/snort/em0.snort.conf -U -A none -m 122 -i em0 -D /usr/local/bin/snort
-u sguil -g sguil -l /nsm/em1 -c /etc/snort/em1.snort.conf -U -A none -m 122
-i em1 -D /usr/local/bin/snort -u sguil -g sguil -l /nsm/em2 -c
/etc/snort/em2.snort.conf -U -A none -m 122 -i em2 -D /usr/local/bin/snort
-u sguil -g sguil -l /nsm/em3 -c /etc/snort/em3.snort.conf -U -A none -m 122
-i em3 -D


One of the 4 nics has an ip address, the others do not.  

When I start up the 4 instances of snort, the nic (em0) with the ip address
shows up in promiscuous mode, the others do not.


# ifconfig -a

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224

        inet netmask 0xff000000

        inet6 ::1 prefixlen 128

        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8


        address: 00:04:23:bd:ab:d6

        media: Ethernet autoselect (1000baseT full-duplex)

        status: active

        inet netmask 0xffffff00 broadcast

        inet6 fe80::204:23ff:febd:abd6%em0 prefixlen 64 scopeid 0x1

em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500

        address: 00:04:23:bd:ab:d7

        media: Ethernet autoselect (1000baseT full-duplex)

        status: active

em2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500

        address: 00:14:22:0f:84:2b

        media: Ethernet autoselect (1000baseT full-duplex)

        status: active

em3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500

        address: 00:14:22:0f:84:2c

        media: Ethernet autoselect (100baseTX full-duplex)

        status: active

pflog0: flags=0<> mtu 33224

pfsync0: flags=0<> mtu 2020

enc0: flags=0<> mtu 1536



How do I get the other 3 ip-less nics to run in promiscuous mode in OBSD?


Any help would be appreciated.






-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050919/b99c63a7/attachment.html>

More information about the Snort-users mailing list