Snort mailing list archives
RE: Promiscuous mode
From: "Gene Gomez" <gegomez () tycoint com>
Date: Thu, 31 Oct 2002 12:52:53 -0800
Same here; I'm running Snort 1.9.0 on Red Hat 8.0. Here's a sample from my
logs:
Oct 31 09:02:41 shadowcat kernel: device eth0 entered promiscuous mode
Oct 31 09:02:41 shadowcat snort: Initializing daemon mode
Oct 31 09:02:41 shadowcat kernel: device eth0 left promiscuous mode
I've got two interfaces and two instances of snort; same occurs on both. I
"fixed" it by adding this to my startup script:
ifconfig eth0 promisc
ifconfig eth1 promisc
And this to my stop script:
ifconfig eth0 -promisc
ifconfig eth1 -promisc
Pretty lame, but it gets it working. :)
Gene
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Eli Stair
Sent: Thursday, October 31, 2002 1:20 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Promiscuous mode
I'm having the same issue as you guys. Snort 1.9 CVS current, kernel
2.4.19.
It was happening with 1.8.7 as well.
/eli
On Wed, 30 Oct 2002 17:30:12 +0000
quentyn () fotango com wrote:
Paul Enlund wrote:Tried upgrading from Snort 1.8.6 to 1.9 on a Debian 2.2.20 system and I find that the eth0 interface enters promiscuous mode then returns back to normal. Options used are. start-stop-daemon --start --quiet --exec $DAEMON -- \ -D -c /etc/snort/snort.conf \ -l /var/log/snort/ \ -b I also tried 1.8.7 and this also suffers the same problem I find with 1.9 Anybody seen this before and know the solution ? Paul Enlund
http://groups.google.com/groups?q=quentyn&hl=en&lr=&ie=UTF-8&oe=UTF-8&scorin g=d&selm=amdaji%24kc1%241%40FreeBSD.csie.NCTU.edu.tw&rnum=5
I saw it as well however when I built a new snort box with snort 1.9.0 the problem hasn't manifested it's self yet ( I had forgotten till I saw your post) I *think* it was a bug in 1.8.7 though with no proof or time to investigate I left it Q -- ##################### Quentyn Taylor Sysadmin - Fotango ##################### There's too much blood in my caffeine system.
------------------------------------------------------- This sf.net email is sponsored by: Influence the future of Java(TM) technology. Join the Java Community Process(SM) (JCP(SM)) program now. http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Promiscuous mode Paul Enlund (Oct 30)
- Re: Promiscuous mode Derek Glidden (Oct 30)
- Re: Promiscuous mode quentyn (Oct 30)
- Re: Promiscuous mode Eli Stair (Oct 31)
- RE: Promiscuous mode Gene Gomez (Oct 31)
- Re: Promiscuous mode Eli Stair (Oct 31)