Snort mailing list archives
Re: Promiscuouls Mode Question
From: Erek Adams <erek () theadamsfamily net>
Date: Sun, 2 Sep 2001 09:23:39 -0700 (PDT)
On Sun, 2 Sep 2001, Jim Kipp wrote:
If I run snort or tcpdump(on eth0), then do ifconfig -a eth0, it does not report PROMISC. Only when I manually set promisc does it report it. But tcpdump seems to be sniffing everything. Is this normal?
Well, I'm not a cable modem user, but I play one in 'The Young and The Restless'... ;-) Seriously, look at the traffic. Is it only traffic bound for your IP? If so, you're seeing what you should be when not in promisc mode. If that's the case, then yes, it's all working as it should. Try doing a 'tcpdump not host <foo>' with <foo> being your host. If you see traffic to/from other boxes other than ARP, then there is something kinda odd going on. Hope this helps! ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- What machine is that... Anyway? JC Rodz (Aug 31)
- Re: What machine is that... Anyway? Jim Zajkowski (Aug 31)
- <Possible follow-ups>
- RE: What machine is that... Anyway? Chris Eidem (Aug 31)
- Promiscuouls Mode Question Jim Kipp (Sep 02)
- Re: Promiscuouls Mode Question Erek Adams (Sep 02)
- Re: Promiscuouls Mode Question Jim Kipp (Sep 02)
- Re: Promiscuouls Mode Question J. Craig Woods (Sep 02)
- Re: Promiscuouls Mode Question "s10" (Sep 02)
- Re: Promiscuouls Mode Question Jim Kipp (Sep 02)
- Alert_unixsock Anupam Bansal (Sep 02)
- Re: Alert_unixsock Fyodor (Sep 03)
- Message not available
- Re: Alert_unixsock Fyodor (Sep 04)
- Re: Alert_unixsock Fyodor (Sep 04)
- Data structures in rules.h Anupam Bansal (Sep 25)
- Promiscuouls Mode Question Jim Kipp (Sep 02)
- -A alert option Anupam Bansal (Sep 02)