Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: snort on debian monitor interface dhcp

From: Gregory Zill <gregory () r3g net>
Date: Mon, 9 Feb 2009 08:09:00 -0600
More info on the current configs pertaining to the monitor int (eth1):

+-------------------------------------------------------------+
$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address 1.2.50.99
    gateway 1.2.50.3
    netmask 255.255.255.0
    network 1.2.50.0
    broadcast 1.2.50.255
    dns-nameservers 1.2.55.42 1.2.55.43

auto eth1
iface eth1 inet manual
    pre-up ifconfig eth1 up promisc
    post-down ifconfig eth1 down
+-------------------------------------------------------------+

+-------------------------------------------------------------+
$ /sbin/ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 00:90:27:3C:C7:70
          inet addr:169.254.110.172  Bcast:169.254.255.255  Mask:255.255.0.0
          inet6 addr: fe80::290:27ff:fe3c:c770/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:178021252 dropped:0 overruns:0 frame:178021252
          TX packets:436 errors:146 dropped:0 overruns:0 carrier:150
          collisions:3385 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:76749 (74.9 KiB)
+-------------------------------------------------------------+

On Fri, Feb 6, 2009 at 9:44 AM, Gregory Zill <gregory () r3g net> wrote:

When I manually initiate the monitor (eth1) interface using 'ifconfig
eth1 up promisc' it shows UP but then goes through the dhcp broadcast
and NetworkManager wipes out /etc/resolv.conf and the primary
interface (eth0) loses its default gateway, so I altogether lose
network connectivity to this box. The eth1 interface then shows a
169.254.xx.xx address. Of course, I would prefer no address for the
snort. I would appreciate any pointers in getting the eth1 monitoring
interface to come up without destroying the primary network
parameters. Thanks in advance.



------------------------------------------------------------------------------
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: