[Snort-users] snort on debian monitor interface dhcp

Gregory Zill gregory at ...14510...
Mon Feb 9 09:33:59 EST 2009


> Date: Fri, 6 Feb 2009 15:28:26 -0500 (EST)
> Subject: Re: [Snort-users] snort on debian monitor interface dhcp
> Cc: snort-users at lists.sourceforge.net
>
> I do not understand why you are doing that.
>
> run 'sudo dpkg-reconfigure snort' and select the correct response to
> enable/disable promiscuous mode. When you are done reconfiguring snort, it
> will automatically be started.
>
> use 'sudo invoke-rc.d snort start' when you want to turn snort on, it will
> start as configured.
>
> I have no idea why you are using 'ifconfig eth1 up promisc'.
>
> I suggest 'man interfaces' and 'sudo vim /etc/network/interfaces'

Restated:
When the system is started/re-started, it grabs a 169.254.x.x address
as the result of unsuccessful dhcp -- and yes I have tcpdump'd this
activity -- however there is no content in /etc/resolv.conf and no
default route. I manually add those two critical items and it is at
that point that I manually 'ifconfig eth1 up promisc' to not only
re-engage the interface but to coax into not dhcp'ing.

I have unfortunately installed via source, so dpkg does not know
anything about snort.

$ snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.8.3.2 (Build 22)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/team.html
           (C) Copyright 1998-2008 Sourcefire Inc., et al.
           Using PCRE version: 6.7.7.4 2008-07-04

$ sudo dpkg-reconfigure snort
Package `snort' is not installed and no info is available.
Use dpkg --info (= dpkg-deb --info) to examine archive files,
and dpkg --contents (= dpkg-deb --contents) to list their contents.
/usr/sbin/dpkg-reconfigure: snort is not installed




More information about the Snort-users mailing list