Snort mailing list archives
Stealth interface not seeing any IP traffic
From: "David G. Humes" <dhumes001 () comcast net>
Date: 22 Jan 2005 21:02:08 -0500
I just setup a system for running snort at home and I'm having a problem with the monitoring interface not seeing any IP traffic. If I do a tcpdump on the monitoring interface all I see is the usual boatload of arp requests and an occasional igmp message. It's a Redhat 9 system with libpcap-0.8.3. The monitoring interface is plugged into a port on a hub that sits between my cable modem my router/switch. FWIW the hub is a Linksys NH1005-WM. Here's the configuration of eth1. eth1 Link encap:Ethernet HWaddr 00:01:02:C9:D6:53 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:44499 errors:0 dropped:0 overruns:0 frame:0 TX packets:2 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:2673544 (2.5 Mb) TX bytes:120 (120.0 b) Interrupt:10 Base address:0x1480 Here's my /etc/sysconfig/network-scripts/ifcfg-eth1 file. TYPE=Ethernet DEVICE=eth1 BOOTPROTO=static ONBOOT=yes IPADDR=0.0.0.0 I've also tried setting eth1 noarp and promisc, but that does not make any difference. And I tried giving the interface an address and that didn't help either. I know the interface works, as I have used it as the management interface to the sensor. Any thoughts? ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Stealth interface not seeing any IP traffic David G. Humes (Jan 22)
- <Possible follow-ups>
- RE: Stealth interface not seeing any IP traffic Ron Jenkins (Jan 22)
- Re: Stealth interface not seeing any IP traffic Dave Humes (Jan 23)
- Re: Stealth interface not seeing any IP traffic Rich Adamson (Jan 23)
- Re: Stealth interface not seeing any IP traffic Dave Humes (Jan 23)