[Snort-users] Promiscuous mode

Noah Dietrich noah_dietrich at 86penny.org
Wed Aug 16 22:59:18 EDT 2017


you do not need to enable promiscuous mode explicitly on your virtual
machine.  When snort starts up, it will enable promiscuous mode
automatically  (one of the reasons you have to run snort as root, at least
initially).  Since you have already enabled promiscuous mode at the esx
vswitch level, you should not need to do anything else for snort to process
all packets seen on that vswitch.  A simple test would be write a simple
icmp rule, and ping between two different hosts on that same vswitch to see
if snort alerts on that packet.

Noah



On Sat, Aug 12, 2017 at 7:28 PM, aquarian_new via Snort-users <
snort-users at lists.snort.org> wrote:

> Hi,
>
> I believe you might have to do that. How else Snort might be able to see
> the traffic to inspect?
>
> Thanks,
> aquarian_new
>
>
> On Wednesday, 9 August 2017 6:24 PM, Rashid CORIA <rashid.coria at skylar.eu>
> wrote:
>
>
> Hi everybody !
>
> I activate the promiscuous of the virtual switch on my esx
> Should I also activate in the network interface of the snort virtual
> machine ?
>
> Bonjour tout le monde !
>
> J’ai active le mode promiscuous sur le switch virtuel de mon esx
> Est-ce que je dois l’activer aussi sur l’interface réseau de la machine
> snort qui se trouve dans mon esx ?
>
> *Rashid CORIA*
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.snort.org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.snort.org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170817/7a3ddf35/attachment.html>


More information about the Snort-users mailing list