[Snort-users] snort daemon to listen to eth2 and eth3 in promiscuous mode

Ayodele Okeowo aymacro at ...11827...
Tue Feb 19 07:54:24 EST 2013


Ok, to run Snort in inline mode your snort command will look different. How
many interfaces do you have on your box?

Ayo


On Tue, Feb 19, 2013 at 7:29 AM, Kaushal Shriyan
<kaushalshriyan at ...11827...>wrote:

>
>
> On Tue, Feb 19, 2013 at 5:54 PM, Ayodele Okeowo <aymacro at ...11827...> wrote:
>
>> What command do you type when running snort in inline? You will have to
>> pair both interfaces in order to use both for sniffing.
>>
>> Paste your command on here and let's see. :)
>>
>> Ayo
>>
>>
> Thanks Ayo for the quick reply and i start snort using init script on
> CentOS 5.8 with the below mentioned details
>
> [root at ...2306... ~]# /etc/init.d/snortd status
> snort (pid 17573) is running...
> [root at ...2306... ~]# ps aux | grep snort
> snort    17573  0.0  0.2 417000 71064 ?        Ssl  17:21   0:00
> /usr/sbin/snort -A fast -b -d -D -i eth2 -u snort -g snort -c
> /etc/snort/snort.conf -l /var/log/snort
> root     17647  0.0  0.0  61172   752 pts/0    S+   17:58   0:00 grep snort
> [root at ...2306... ~]#
>
> Regards
>
> Kaushal
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130219/a2eb10f7/attachment.html>


More information about the Snort-users mailing list