[Snort-users] snort on debian monitor interface dhcp
gregory at ...14510...
Mon Feb 9 09:33:59 EST 2009
> Date: Fri, 6 Feb 2009 15:28:26 -0500 (EST)
> Subject: Re: [Snort-users] snort on debian monitor interface dhcp
> Cc: snort-users at lists.sourceforge.net
> I do not understand why you are doing that.
> run 'sudo dpkg-reconfigure snort' and select the correct response to
> enable/disable promiscuous mode. When you are done reconfiguring snort, it
> will automatically be started.
> use 'sudo invoke-rc.d snort start' when you want to turn snort on, it will
> start as configured.
> I have no idea why you are using 'ifconfig eth1 up promisc'.
> I suggest 'man interfaces' and 'sudo vim /etc/network/interfaces'
When the system is started/re-started, it grabs a 169.254.x.x address
as the result of unsuccessful dhcp -- and yes I have tcpdump'd this
activity -- however there is no content in /etc/resolv.conf and no
default route. I manually add those two critical items and it is at
that point that I manually 'ifconfig eth1 up promisc' to not only
re-engage the interface but to coax into not dhcp'ing.
I have unfortunately installed via source, so dpkg does not know
anything about snort.
$ snort -V
,,_ -*> Snort! <*-
o" )~ Version 126.96.36.199 (Build 22)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2008 Sourcefire Inc., et al.
Using PCRE version: 188.8.131.52 2008-07-04
$ sudo dpkg-reconfigure snort
Package `snort' is not installed and no info is available.
Use dpkg --info (= dpkg-deb --info) to examine archive files,
and dpkg --contents (= dpkg-deb --contents) to list their contents.
/usr/sbin/dpkg-reconfigure: snort is not installed
More information about the Snort-users