Re: no ip address on interface

[Matt Kettler <mkettler () evi-inc com>]

I run this kind of configuration on OpenBSD 2.8 and have no problems. The 
only unusual bit is that the interface with no IP address has to be forced 
up, default boot leaves it down.

I run with: snort -k none -D -i rl1 -c /etc/snort.conf

and the -k is just because the snort box is right behind a router that 
doesn't forward corrupted packets, so why waste the time checking checksums.


I'd make sure with tcpdump that the traffic of interest is actually 
appearing on that interface. Are you sure that port isn't on a normal 
switch port or something of the sort? tcpdump uses libpcap to grab packets, 
just like snort does, so it's a good first test.

At 11:19 AM 11/21/2001, Ronneil Camara wrote:
> Hi Guys,
>
> I'm using openbsd with 2 nics. I didn't assign an ip on my
> /etc/hostname.fxp1 but I did on /etc/hostname.fxp0. I tried running
> snort but it couldn't see any traffic. This is the command that I run;
> snort -D -i fxp1 -l /var/log/snort -c /etc/snort
>
> Do I have to edit or recompile my kernel to add support for something,
> like pseudo-device for this to work?
> Btw, the content of my hostname.fxp1 is media 10baseT up
>
> and when I ifconfig fxp1, it says, it's UP, PROMISC and so on.
>
> Thanks guys.
>
> Neil
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users