Snort mailing list archives

RE: OBSD / PROMISCUOUS

From: "Andre' M. DiMino" <tsamp77 () optonline net>
Date: Mon, 19 Sep 2005 11:46:55 -0400

I bring up my non-IP nics directly with ifconfig:


ifconfig eth1 up promisc

 

It brings up the nic without an IP address and puts it in promiscuous mode.

 

HTH.

 

Andre'

SemperSecurus

 

  _____  

From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Sean Kiewiet
Sent: Monday, September 19, 2005 10:00 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] OBSD / PROMISCUOUS

 

Hey all:

 

OBSD3.7

SNORT2.3.3

 

I have a machine with 4 nics running 4 instances of snort:

 

/usr/local/bin/snort -u sguil -g sguil -l /nsm/em0 -c
/etc/snort/em0.snort.conf -U -A none -m 122 -i em0 -D /usr/local/bin/snort
-u sguil -g sguil -l /nsm/em1 -c /etc/snort/em1.snort.conf -U -A none -m 122
-i em1 -D /usr/local/bin/snort -u sguil -g sguil -l /nsm/em2 -c
/etc/snort/em2.snort.conf -U -A none -m 122 -i em2 -D /usr/local/bin/snort
-u sguil -g sguil -l /nsm/em3 -c /etc/snort/em3.snort.conf -U -A none -m 122
-i em3 -D

 

One of the 4 nics has an ip address, the others do not.  

When I start up the 4 instances of snort, the nic (em0) with the ip address
shows up in promiscuous mode, the others do not.

 

# ifconfig -a

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224

        inet 127.0.0.1 netmask 0xff000000

        inet6 ::1 prefixlen 128

        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8

em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500

        address: 00:04:23:bd:ab:d6

        media: Ethernet autoselect (1000baseT full-duplex)

        status: active

        inet 10.1.1.3 netmask 0xffffff00 broadcast 10.1.1.255

        inet6 fe80::204:23ff:febd:abd6%em0 prefixlen 64 scopeid 0x1

em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500

        address: 00:04:23:bd:ab:d7

        media: Ethernet autoselect (1000baseT full-duplex)

        status: active

em2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500

        address: 00:14:22:0f:84:2b

        media: Ethernet autoselect (1000baseT full-duplex)

        status: active

em3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500

        address: 00:14:22:0f:84:2c

        media: Ethernet autoselect (100baseTX full-duplex)

        status: active

pflog0: flags=0<> mtu 33224

pfsync0: flags=0<> mtu 2020

enc0: flags=0<> mtu 1536

#

 

How do I get the other 3 ip-less nics to run in promiscuous mode in OBSD?

 

Any help would be appreciated.

 

Sean

Current thread:

OBSD / PROMISCUOUS Sean Kiewiet (Sep 19)
- RE: OBSD / PROMISCUOUS Andre' M. DiMino (Sep 19)
- <Possible follow-ups>
- RE: OBSD / PROMISCUOUS Paul Melson (Sep 19)