Snort mailing list archives
Snort and Promiscuos Mode
From: "Frontgate Lab" <mdiwan () wagweb com>
Date: Tue, 09 Oct 2001 12:40:16 -0400
Hello everyone.. Just a few quick questions about Snort and Promiscuous mode on an Ethernet NIC. What are the consequenses of NOT enableing Promiscuos mode on the NIC and still running snort on it? IE what Situations would I be able to see traffic that is pertinent and in what situations would i not see something i should be watching out for? Most often the environment that Snort runs in is Switched sometimes these swithches are Vlan-ed, sometimes the switch is flat. It is unusual that the switch mirrors all its traffic to one switch port..but i can set up environments where this is possible.. what is the best approach for Snort IDS? Does running IDS on a switched port without promiscuos mode have any advantages for me if the IDS is running on a firewall ? One of the problems with promiscous mode in some of my environments is that it seems to suck packets away from thier intended targets, especially in UDp environs.. has anyone else experienced this? Are there any drawbacks to running snort on an interface without an IP?.. ie could i still put it into promiscuous mode if i had to and why would i want to do that? Please forgive some of the above redundency in language i simply want to explain my questions as clearly as possible. Thank you for any input to this topic. Madhav Diwan Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. Wagner Weber & Williams _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort and Promiscuos Mode Frontgate Lab (Oct 09)
- Re: Snort and Promiscuos Mode François Désarménien (Oct 09)