Snort mailing list archives
FreeBSD promisc not working properly
From: B Keffer <kefferb () wam umd edu>
Date: Fri, 3 Aug 2001 10:31:10 -0400 (EDT)
I just noticed a problem with snort on my FreeBSD 4.1 firewall. I am running snort Version 1.8-RELEASE (Build 43) Snort running on the external interface does not seem to be catching all network traffic despite being in promiscuous mode while the inside interface works. The firewall has two identical interfaces internal/external each one runs a separate snort process listening. Configuration files are nearly identical only the IP's are different. I start snort on the external net with '/usr/local/bin/snort -c /etc/snort/snort.dmz.conf -D -i ed0' and similarly on the internal. The logs report /kernel: ed0: promiscuous mode enabled and ifconfig reports the interface in promiscuous ed0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 Also if I run tcpdump I can sniff all traffic on the external network Despite all this snort on the external interface will not catch traffic which is not destined for the machine while the internal interface catches everything correctly. I just upgraded to 1.8 because I was having similar problems on 1.7. It had worked at one time and sorry but I don't know what caused it to stop working. Any ideas why this would happen? Any help would be appreciated Thanks Brian _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- FreeBSD promisc not working properly B Keffer (Aug 03)
- Snort Segmentation Fault George D. Nincehelser (Aug 03)