Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Sniffing stealth mode

From: "Watson, Ed" <EWatson () lightspan com>
Date: Wed, 24 Sep 2003 09:25:47 -0700
Hi All,
        I've read the docs/FAQ and as much as I can find on the net but
still can't find the answer.

RH9
Apache
Acid
Mysql
Built with document: http://www.snort.org/docs/snort_acid_rh9.pdf

        I've got two nics. One with IP and one without. Eth0 has IP, Eth1 is
up in promisc with no IP using '#ifconfig eth1 up'. I can't seem to get
snort to listen to eth1 instead of eth0.

If I use 'var HOME_NET any' I get:

/usr/local/bin/snort -c /etc/snort/conf/snort.conf -i eth0 -D

I've tried these below but snort wont start:

var HOME_NET $eth1_ADDRESS
var HOME_NET $eth1_0.0.0.0
var HOME_NET $eth1

Can someone tell me what I'm doing wrong?

Thanks,
Ed


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: