Snort mailing list archives

Help with setting up snort in "stealth mode"

From: Michael Grenley <grenleym () agcs com>
Date: Mon, 13 Aug 2001 15:25:19 -0700

    I am trying to set up snort in stealth mode.  I have two interfaces,
eth0 and eth1.
eth0 is setup normally with an IP and eth1 is my snort interface setup
with no ip but the interface is "ifconfig'd up'd".   In addition, I am
using an ethertap so that I can see the traffic without a hub.  When I
try to sniff I see no traffic on the eth1 interface.  I have tried
tcpdump -n -i eth1 -p (and without the p).  When I start up snort, I see
the following message in the logs:


Aug 13 15:13:18 gnewt kernel: eth1: Setting promiscuous mode.
Aug 13 15:13:18 gnewt snort: WARNING: OpenPcap() device eth1 network
lookup:  ^ISIOCGIFADDR: eth1: Cannot assign requested address
Aug 13 15:13:18 gnewt snort: snort startup succeeded


What am I doing wrong?  Have I missed something?



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Help with setting up snort in "stealth mode" Michael Grenley (Aug 13)
- <Possible follow-ups>
- RE: Help with setting up snort in "stealth mode" Jean-Pierre Harvey (Aug 13)