RE: Help with setting up snort in "stealth mode"

[Jean-Pierre Harvey <jean-pierre.harvey () edivision com au>]

Michael,

The first thing I would do is force the interface mode and speed to the rest
of the network. I had exactly the same problem with snort not capturing any
packets because the interface was set to auto and had slipped into 100Full
when the rest of the network was running 10baseT. I hope your problem is
that simple.

The "errors" you are getting are normal when there is no address assigned.

Regards
JP 

-----Original Message-----
From: Michael Grenley [mailto:grenleym () agcs com]
Sent: Tuesday, August 14, 2001 8:25 AM

    I am trying to set up snort in stealth mode.  I have two interfaces,
eth0 and eth1.
eth0 is setup normally with an IP and eth1 is my snort interface setup
with no ip but the interface is "ifconfig'd up'd".   In addition, I am
using an ethertap so that I can see the traffic without a hub.  When I
try to sniff I see no traffic on the eth1 interface.  I have tried
tcpdump -n -i eth1 -p (and without the p).  When I start up snort, I see
the following message in the logs:


Aug 13 15:13:18 gnewt kernel: eth1: Setting promiscuous mode.
Aug 13 15:13:18 gnewt snort: WARNING: OpenPcap() device eth1 network
lookup:  ^ISIOCGIFADDR: eth1: Cannot assign requested address
Aug 13 15:13:18 gnewt snort: snort startup succeeded

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users