[Snort-users] snort on debian monitor interface dhcp

Craig Van Tassle craig at ...14366...
Fri Feb 6 16:04:32 EST 2009

On Fri, 6 Feb 2009 09:44:45 -0600
Gregory Zill <gregory at ...14510...> wrote:

> When I manually initiate the monitor (eth1) interface using 'ifconfig
> eth1 up promisc' it shows UP but then goes through the dhcp broadcast
> and NetworkManager wipes out /etc/resolv.conf and the primary
> interface (eth0) loses its default gateway, so I altogether lose
> network connectivity to this box. The eth1 interface then shows a
> 169.254.xx.xx address. Of course, I would prefer no address for the
> snort. I would appreciate any pointers in getting the eth1 monitoring
> interface to come up without destroying the primary network
> parameters. Thanks in advance.

auto eth0
iface eth0 inet manual
	up ifconfig $IFACE up
        down ifconfig $IFACE down

Try that. 

That is how we setup out IDS sensors to bring up the Sniffing interface
with out an IP. We let Snort set the interface to promiscuous mode.
"An armed society is a polite society. Manners are good when one may
have to back up his acts with his life." Robert A. Heinlein

"Fear is the father of servitude, and the captor of man. There cannot
be slavery without fear, nor freedom with it."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20090206/b705477f/attachment.sig>

More information about the Snort-users mailing list