RE: Snort on Linux Help

[David Wilkeson <davelist () cboss com>]

At 03:39 PM 11/21/2001 -0800, you wrote:
> I'll ask the dumb questions...
>
> 1.  With Snort or your Ethereal running, does 'ifconfig' really show
> that interface as being in promiscious mode?

Nope.  However, when I type "ifconfig eth0 promisc" it goes into 
promiscuous mode, but it doesn't change the output of ethereal or 
snort.  So to recap, the syslog indicates the interface entering and 
leaving promiscuous mode, but ifconfig does not report it in promiscuous 
mode unless I manually put it into promiscuous mode.

> 2.  You are running this as root or with root priveledges right?  I'd
> expect it to complain loudly if you weren't but figured I'd ask anyways.
> You do need root privs to put the NIC in to promisc mode and it sounds
> like syslog is reporting it as working. (but these are thee dumb
> questions)

Yes I am.

> 3.  What brand of Linux?  RedHat? Debian? Suse?

Redhat, loaded by Dell.

> 4.  With it running, do a 'netstat -i' (obsfucate your IP just to be
> safe), and send me the output.  I think '-i' works in linux...

Are you sure that's the one you want?  It really doesn't show much of 
anything other than counters.

Dave



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users