[Snort-users] snort daemon to listen to eth2 and eth3 in promiscuous mode
Kaushal Shriyan
kaushalshriyan at ...11827...
Tue Feb 19 07:58:22 EST 2013
On Tue, Feb 19, 2013 at 6:24 PM, Ayodele Okeowo <aymacro at ...11827...> wrote:
> Ok, to run Snort in inline mode your snort command will look different.
> How many interfaces do you have on your box?
>
> Ayo
>
Thanks Ayodele for the reply, I have 4 interfaces on the snort server with
the below details and please let me know if you need snort configs too.
#cat /tmp/interfaces
bond0 Link encap:Ethernet HWaddr E0:DB:55:05:D0:0C
inet addr:192.168.25.10 Bcast:192.168.73.255 Mask:255.255.255.0
inet6 addr: fe80::e2db:55ff:fe05:d00c/64 Scope:Link
UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1
RX packets:1902153 errors:0 dropped:0 overruns:0 frame:0
TX packets:250497 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:232394243 (221.6 MiB) TX bytes:93066331 (88.7 MiB)
eth0 Link encap:Ethernet HWaddr E0:DB:55:05:D0:0C
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:1101579 errors:0 dropped:0 overruns:0 frame:0
TX packets:250497 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:169722435 (161.8 MiB) TX bytes:93066331 (88.7 MiB)
Interrupt:194 Memory:d91a0000-d91b0000
eth1 Link encap:Ethernet HWaddr E0:DB:55:05:D0:0C
UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1
RX packets:800574 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:62671808 (59.7 MiB) TX bytes:0 (0.0 b)
Interrupt:202 Memory:d91d0000-d91e0000
eth2 Link encap:Ethernet HWaddr E0:DB:55:05:D0:0E
inet6 addr: fe80::e2db:55ff:fe05:d00e/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:1 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:64 (64.0 b) TX bytes:492 (492.0 b)
Interrupt:210 Memory:d90a0000-d90b0000
eth3 Link encap:Ethernet HWaddr E0:DB:55:05:D0:0F
inet6 addr: fe80::e2db:55ff:fe05:d00f/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:1 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:64 (64.0 b) TX bytes:492 (492.0 b)
Interrupt:218 Memory:d90d0000-d90e0000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:104 errors:0 dropped:0 overruns:0 frame:0
TX packets:104 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5200 (5.0 KiB) TX bytes:5200 (5.0 KiB)
[root at ...2306... ~]#
Regards
Kaushal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130219/90f30035/attachment.html>
More information about the Snort-users
mailing list