Snort mailing list archives
Promiscuous mode (again)
From: "snortlst snortlst" <snortlst () hotmail com>
Date: Tue, 18 Sep 2001 10:47:26 -0500
From the FAQ:

Run Snort in sniffer mode (snort -dvi eth0) and make sure it can see the packets. Then run it with the HOME_NET set appropriately for the network you're defending in your rules file. A default rules file comes with the snort distribution and is called "snort.conf". You can run this basic ruleset with the following command line:

snort -Afull -c snort.conf

If it's all set right, once it's running do an "ifconfig -a" and make sure the interface is in promiscuous mode (it'll say so in the options section of the printout). If it's not, there should be a way to set it manually.

So according to that, it is mandatory to have the NIC in promiscuous mode on the Snort machine... One of the guys sent me an answer that it is not mandatory...

Can anybody clarify this issue?

(On the other hand - what's the use of having promiscuous mode if we use switches on the network?)
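
The "ifconfig -a" check quoted from the FAQ can be scripted. The following is an added example, not part of the original post or of the Snort distribution. It assumes a Linux sensor (the /sys/class/net/<iface>/flags file and the IFF_PROMISC bit 0x100); the function names and the sample ifconfig output are constructed for illustration.

```shell
#!/bin/sh
# Added example. IFF_PROMISC is bit 0x100 of the interface flag word (<linux/if.h>).
IFF_PROMISC=256

# promisc_from_flags HEX: print "promisc" or "normal" for a flag word such as
# the one Linux exposes in /sys/class/net/<iface>/flags (assumes Linux sysfs).
promisc_from_flags() {
    if [ $(( $1 & $IFF_PROMISC )) -ne 0 ]; then
        echo promisc
    else
        echo normal
    fi
}

# promisc_ifaces: read "ifconfig -a" output on stdin and print the name of every
# interface whose flag list contains PROMISC (old and new net-tools layouts).
promisc_ifaces() {
    awk '
        /^[^ \t]/ { iface = $1; sub(/:$/, "", iface) }  # stanza header starts in column 0
        /(^|[ <,])PROMISC([ >,]|$)/ { print iface }
    '
}

# Constructed sample of "ifconfig -a" output (documentation addresses only).
sample_ifconfig() {
    cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 198.51.100.7  netmask 255.255.255.0

lo        Link encap:Local Loopback
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
EOF
}

# Live check on a Linux sensor, e.g. "check_iface eth0" (hypothetical helper).
check_iface() {
    promisc_from_flags "$(cat "/sys/class/net/$1/flags")"
}

sample_ifconfig | promisc_ifaces   # interfaces flagged PROMISC in the sample
promisc_from_flags 0x1103          # UP|BROADCAST|PROMISC|MULTICAST
```
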