Snort mailing list archives
RE: eth0 going in and out of promiscuous mode?
From: "Jason Smith" <jsmith () firstcellular com>
Date: Tue, 17 Jul 2001 16:41:44 -0500
It does enter prom mode but after some time, once it was about 24 hrs another it was about 48 hrs, it then leaves prom mode and snort stops running. Why, I dont' know. There is no core or any other messages in /var/log/message, so I'm at a lose. I'm running snort-1.8p1. With the rules that came with it. Start up is /usr/local/bin/snort -A full -bs -u 501 -g 101 -c /etc/snort/snort.conf -D. Everything seems to work fine snort just dies after a while. I'm setting up daemontools per Ralf Hildebrandt suggestion so that should solve the problem temporarily but it doesn't solve the problem of why snort dies. Any other info you want just let me know. Jason -----Original Message----- From: Jeff Ito [mailto:jeffi () rcn com] Sent: Tuesday, July 17, 2001 4:27 PM To: Jason Smith Cc: snort-users () lists sourceforge net Subject: RE: [Snort-users] eth0 going in and out of promiscuous mode? For the device to enter promisc. mode is what is supposed to happen. (on the interface that is actually doing the IDS) as for the process stopping, more information is needed. Jeff Ito
Snort on my machine is doing the same thing except that it is running for
a
day or two then it stops running. I don't know why, the only message that it leaves
is
with syslog say it has left promiscuous mode. Jason =|=|= Jason Smith IT Intern First Cellular of Southern Illinois jsmith () firstcellular com On Tue, Jul 17, 2001 at 03:06:13PM -0400, Darrin Powell wrote:Is it normal for my eth0 to go in and out of mode? kernel: device eth0 left promiscuous mode Jul 17 15:02:14 name kernel: eth0: Setting promiscuous mode. Jul 17 15:02:14 name kernel: device eth0 entered promiscuous mode Jul 17 15:02:17 name kernel: device eth0 left promiscuous mode_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- eth0 going in and out of promiscuous mode? Darrin Powell (Jul 17)
- Re: eth0 going in and out of promiscuous mode? Ralf Hildebrandt (Jul 17)
- <Possible follow-ups>
- RE: eth0 going in and out of promiscuous mode? Jason Smith (Jul 17)
- RE: eth0 going in and out of promiscuous mode? Jeff Ito (Jul 17)
- RE: eth0 going in and out of promiscuous mode? Jason Smith (Jul 17)