Snort mailing list archives

Re: Promiscuouls Mode Question

From: Jim Kipp <jkipp5 () home com>
Date: Sun, 02 Sep 2001 12:38:52 -0400


Seriously, look at the traffic.  Is it only traffic bound for your IP?  If so,
you're seeing what you should be when not in promisc mode.  If that's the
case, then yes, it's all working as it should.


that seems OK.


Try doing a 'tcpdump not host <foo>' with <foo> being your host.  If you see
traffic to/from other boxes other than ARP, then there is something kinda odd
going on.


I tried this and I saw alot of arp request traffice from all sorts of
hosts not on my network. I did this with no activity on my LAN.


Hope this helps!


Yes, it does. Thanks
Jim

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

What machine is that... Anyway? JC Rodz (Aug 31)
- Re: What machine is that... Anyway? Jim Zajkowski (Aug 31)
- <Possible follow-ups>
- RE: What machine is that... Anyway? Chris Eidem (Aug 31)
  - Promiscuouls Mode Question Jim Kipp (Sep 02)
    - Re: Promiscuouls Mode Question Erek Adams (Sep 02)
    - Re: Promiscuouls Mode Question Jim Kipp (Sep 02)
    - Re: Promiscuouls Mode Question J. Craig Woods (Sep 02)
    - Re: Promiscuouls Mode Question "s10" (Sep 02)
    - Re: Promiscuouls Mode Question Jim Kipp (Sep 02)
    - Alert_unixsock Anupam Bansal (Sep 02)
    - Re: Alert_unixsock Fyodor (Sep 03)
    - Message not available
    - Re: Alert_unixsock Fyodor (Sep 04)
    - Re: Alert_unixsock Fyodor (Sep 04)
    - Data structures in rules.h Anupam Bansal (Sep 25)
    - -A alert option Anupam Bansal (Sep 02)
    - Re: Promiscuouls Mode Question Fyodor (Sep 03)

(Thread continues...)