RE: Snort on Linux Help

[Michael Aylor <maylor () swbanktx com>]

Oh yeah, thought of something else.


When you run ntsysv, does ipchains or iptables show as startup daemons?
If so, uncheck them, reboot.


Mike

-----Original Message-----
From: David Wilkeson [mailto:davelist () cboss com]
Sent: Monday, November 26, 2001 10:15 AM
To: Chris Grout; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort on Linux Help


At 03:39 PM 11/21/2001 -0800, you wrote:
> I'll ask the dumb questions...
>
> 1.  With Snort or your Ethereal running, does 'ifconfig' really show
> that interface as being in promiscious mode?

Nope.  However, when I type "ifconfig eth0 promisc" it goes into 
promiscuous mode, but it doesn't change the output of ethereal or 
snort.  So to recap, the syslog indicates the interface entering and 
leaving promiscuous mode, but ifconfig does not report it in promiscuous

mode unless I manually put it into promiscuous mode.

> 2.  You are running this as root or with root priveledges right?  I'd
> expect it to complain loudly if you weren't but figured I'd ask
anyways.
> You do need root privs to put the NIC in to promisc mode and it sounds
> like syslog is reporting it as working. (but these are thee dumb
> questions)

Yes I am.

> 3.  What brand of Linux?  RedHat? Debian? Suse?

Redhat, loaded by Dell.

> 4.  With it running, do a 'netstat -i' (obsfucate your IP just to be
> safe), and send me the output.  I think '-i' works in linux...

Are you sure that's the one you want?  It really doesn't show much of 
anything other than counters.

Dave



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Attachment: smime.p7s
Description: