[Snort-users] snort on debian monitor interface dhcp

Gregory Zill gregory at ...14510...
Mon Feb 9 09:09:00 EST 2009


More info on the current configs pertaining to the monitor int (eth1):

+-------------------------------------------------------------+
$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address 1.2.50.99
    gateway 1.2.50.3
    netmask 255.255.255.0
    network 1.2.50.0
    broadcast 1.2.50.255
    dns-nameservers 1.2.55.42 1.2.55.43

auto eth1
iface eth1 inet manual
    pre-up ifconfig eth1 up promisc
    post-down ifconfig eth1 down
+-------------------------------------------------------------+

+-------------------------------------------------------------+
$ /sbin/ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:90:27:3C:C7:70
          inet addr:169.254.110.172  Bcast:169.254.255.255  Mask:255.255.0.0
          inet6 addr: fe80::290:27ff:fe3c:c770/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:178021252 dropped:0 overruns:0 frame:178021252
          TX packets:436 errors:146 dropped:0 overruns:0 carrier:150
          collisions:3385 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:76749 (74.9 KiB)
+-------------------------------------------------------------+

On Fri, Feb 6, 2009 at 9:44 AM, Gregory Zill <gregory at ...14510...> wrote:
> When I manually initiate the monitor (eth1) interface using 'ifconfig
> eth1 up promisc' it shows UP but then goes through the dhcp broadcast
> and NetworkManager wipes out /etc/resolv.conf and the primary
> interface (eth0) loses its default gateway, so I altogether lose
> network connectivity to this box. The eth1 interface then shows a
> 169.254.xx.xx address. Of course, I would prefer no address for the
> snort. I would appreciate any pointers in getting the eth1 monitoring
> interface to come up without destroying the primary network
> parameters. Thanks in advance.
>




More information about the Snort-users mailing list