[Snort-users] snort daemon to listen to eth2 and eth3 in promiscuous mode

Kaushal Shriyan kaushalshriyan at ...11827...
Tue Feb 19 06:54:10 EST 2013


On Tue, Feb 19, 2013 at 5:20 PM, Ray Caparros <arcy24 at ...11827...> wrote:

> Kaushal,
>
> I believe in CentOS you can set your interfaces by running ifconfig eth2
> promisc. You should be able to do the same thing on your other interface.
>
>
Hi Ray,

Thanks for the quick reply. When I check for the snort process I can see only
eth2 and not eth3, and /sbin/ifconfig for eth2 and eth3 is already set to
PROMISC mode. Please suggest further.

[root at ...2306... ~]# ps aux | grep snort
snort    17573  0.0  0.2 417000 71064 ?        Ssl  17:21   0:00
/usr/sbin/snort -A fast -b -d -D -i eth2 -u snort -g snort -c
/etc/snort/snort.conf -l /var/log/snort
root     17579  0.0  0.0  61172   752 pts/0    S+   17:21   0:00 grep snort
[root at ...2306... ~]# /sbin/ifconfig eth2
eth2      Link encap:Ethernet  HWaddr E0:DB:55:05:D0:0E
          inet6 addr: fe80::e2db:55ff:fe05:d00e/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:64 (64.0 b)  TX bytes:492 (492.0 b)
          Interrupt:210 Memory:d90a0000-d90b0000

[root at ...2306... ~]# /sbin/ifconfig eth3
eth3      Link encap:Ethernet  HWaddr E0:DB:55:05:D0:0F
          inet6 addr: fe80::e2db:55ff:fe05:d00f/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:64 (64.0 b)  TX bytes:492 (492.0 b)
          Interrupt:218 Memory:d90d0000-d90e0000

[root at ...2306... ~]#

Regards

Kaushal


On Feb 19, 2013 6:14 AM, "Kaushal Shriyan" <kaushalshriyan at ...11827...> wrote:
>
>> Hi,
>>
>> I have set the eth2 and eth3 ethernet interfaces to promiscuous mode on CentOS
>> 5.8. Is there a way to set it permanently in the snort config ->
>> /etc/snort/snort.conf or do I need to edit any configuration file? Please
>> suggest.
>>
>> Regards,
>>
>> Kaushal
>>
>
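
Added example, not part of the original thread: a sensor-coverage check that reads `ps aux`-style output and lists the interfaces you expect to be monitored that no Snort process was started on with `-i`. The function names are hypothetical, the sample input is constructed from the process line quoted in the message above, and the standard `ps aux` column layout (command in field 11) is assumed.

```shell
#!/bin/sh
# Constructed sample: the snort process line from the post, joined onto one
# line, plus the "grep snort" line that appeared next to it.
SAMPLE_PS='snort 17573 0.0 0.2 417000 71064 ? Ssl 17:21 0:00 /usr/sbin/snort -A fast -b -d -D -i eth2 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
root 17579 0.0 0.0 61172 752 pts/0 S+ 17:21 0:00 grep snort'

# snort_ifaces: read ps aux lines on stdin and print the argument following
# "-i" for every line whose command (field 11) is a snort binary.
# Lines such as "grep snort" are ignored because their command is not snort.
snort_ifaces() {
    awk '$11 ~ /(^|\/)snort$/ {
        for (n = 12; n < NF; n++)
            if ($n == "-i") print $(n + 1)
    }'
}

# missing_ifaces IFACE...: read ps aux lines on stdin and print each
# expected interface that no snort process is listening on.
missing_ifaces() {
    covered=$(snort_ifaces)
    for want in "$@"; do
        found=no
        for have in $covered; do
            if [ "$have" = "$want" ]; then
                found=yes
            fi
        done
        if [ "$found" = no ]; then
            echo "$want"
        fi
    done
    return 0
}

# Run against the constructed sample: eth2 is covered, eth3 is reported.
printf '%s\n' "$SAMPLE_PS" | missing_ifaces eth2 eth3
```

On a live sensor, pipe `ps auxww` into `missing_ifaces` instead of the sample so that long command lines are not truncated.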