Snort mailing list archives
RE: stealth interface
From: "Wirth, Jeff" <WirthJe () DNB com>
Date: Tue, 1 Oct 2002 16:59:45 -0400
From: Dallas Jordan [mailto:DJordan () sawgrassink com]
I am pretty new to snort, so forgive my ignorance. I have FreeBSD 4.5 and Snort 1.8.1. I am trying to set Snort up to monitor an interface with no IP
I would upgrade to 1.8.7...lots of fixes
address. But I cant seem to get it to log anything to the /var/log/snort directory. When I start Snort everything appears to be fine. I use the -v flag to see if it is "seeing" anything, and I can see lots of
<snip>
!$HOME_NET. Don't know if that helps anyone. I also have another NIC with a IP address that I will use to access the snort box. If I set up snort to monitor this interface, it works as it should. Everything gets logged into
How is your first nic configured in rc.conf? Does ifconfig report the nic as up?
directories according to IP addresses. I also have a rule that alerts to all TCP traffic, just to check if SnortSnarf is working correctly with my alert file. When Snort is monitoring the interface with no IP no alerts are logged. But they are logged, when monitoring the interface with an IP. I am sure it is something simple I'm missing, but I cant figure it out. Thanks for any help you can give.
sounds OS related to me. - Jeff ------------------------------------------------------- This sf.net email is sponsored by: DEDICATED SERVERS only $89! Linux or FreeBSD, FREE setup, FAST network. Get your own server today at http://www.ServePath.com/indexfm.htm _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- stealth interface Dallas Jordan (Oct 01)
- <Possible follow-ups>
- RE: stealth interface Wirth, Jeff (Oct 01)
- RE: stealth interface Dallas Jordan (Oct 01)
- Re: stealth interface Mike Beal (Oct 01)
- Re: stealth interface Joe Matusiewicz (Oct 02)
- RE: stealth interface Matt Yackley (Oct 02)
- Re: stealth interface Jon Quiros (Oct 02)
- Re: 2 sensors/1 interface? Martin Olsson (Oct 02)
- RE: stealth interface Dallas Jordan (Oct 02)