[Snort-users] snort on debian monitor interface dhcp
Craig Van Tassle
craig at ...14366...
Fri Feb 6 16:04:32 EST 2009
On Fri, 6 Feb 2009 09:44:45 -0600
Gregory Zill <gregory at ...14510...> wrote:
> When I manually initiate the monitor (eth1) interface using 'ifconfig
> eth1 up promisc' it shows UP but then goes through the dhcp broadcast
> and NetworkManager wipes out /etc/resolv.conf and the primary
> interface (eth0) loses its default gateway, so I altogether lose
> network connectivity to this box. The eth1 interface then shows a
> 169.254.xx.xx address. Of course, I would prefer no address for the
> snort. I would appreciate any pointers in getting the eth1 monitoring
> interface to come up without destroying the primary network
> parameters. Thanks in advance.
iface eth0 inet manual
up ifconfig $IFACE up
down ifconfig $IFACE down
That is how we setup out IDS sensors to bring up the Sniffing interface
with out an IP. We let Snort set the interface to promiscuous mode.
"An armed society is a polite society. Manners are good when one may
have to back up his acts with his life." Robert A. Heinlein
"Fear is the father of servitude, and the captor of man. There cannot
be slavery without fear, nor freedom with it."
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 197 bytes
Desc: not available
More information about the Snort-users