Snort mailing list archives
RE: Setting the nic up ??
From: "Walgamotte, David" <david.walgamotte () wild net>
Date: Mon, 10 Jun 2002 17:28:33 -0500
Similar, however the MTU is 1500. It just seems to pick up ARP packets. It
is also plugged into a switch directly connected to the internet. I started
up snort and nothing; here is the ifconfig -a
bash-2.00# ifconfig -a
lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
inet 127.0.0.1 netmask ff000000
hme1: flags=8c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1500
inet 0.0.0.0 netmask 0
ether 8:0:20:b2:f7:e3
Here is the snort startup and summary.
---------------------------------------------------------------
Startup
-----------------------------------------------------------------
bash-2.00# /usr/local/sbin/start_snort
Log directory = /usr/local/snort/logs
Initializing Network Interface hme1
--== Initializing Snort ==--
Decoding Ethernet on interface hme1
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /usr/local/snort/snort.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
Fragment timeout: 60 seconds
Fragment memory cap: 4194304 bytes
Stream4 config:
Stateful inspection: ACTIVE
Session statistics: INACTIVE
Session timeout: 30 seconds
Session memory cap: 8388608 bytes
State alerts: INACTIVE
Scan alerts: ACTIVE
Log Flushed Streams: INACTIVE
No arguments to stream4_reassemble, setting defaults:
Reassemble client: ACTIVE
Reassemble server: INACTIVE
Reassemble ports: 21 23 25 53 80 143 110 111 513
Reassembly alerts: ACTIVE
Reassembly method: FAVOR_OLD
Back Orifice detection brute force: DISABLED
Using LOCAL time
1243 Snort rules read...
1243 Option Chains linked into 152 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++
Rule application order: ->activation->dynamic->alert->pass->log
--== Initialization Complete ==--
-*> Snort! <*-
Version 1.8.6 (Build 105)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
-----------------------------------------------------------------
Summary after ctrl-c
-----------------------------------------------------------------
===============================================================================
Snort analyzed 16 out of 16 packets, The kernel dropped 0(0.000%) packets
Breakdown by protocol:                Action Stats:
    TCP: 0          (0.000%)          ALERTS: 0
    UDP: 0          (0.000%)          LOGGED: 0
   ICMP: 0          (0.000%)          PASSED: 0
    ARP: 16         (100.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 0          (0.000%)
DISCARD: 0          (0.000%)
===============================================================================
Fragmentation Stats:
Fragmented IP Packets: 0 (0.000%)
Fragment Trackers: 0
Rebuilt IP Packets: 0
Frag elements used: 0
Discarded(incomplete): 0
Discarded(timeout): 0
Frag2 memory faults: 0
===============================================================================
TCP Stream Reassembly Stats:
TCP Packets Used: 0 (0.000%)
Stream Trackers: 0
Stream flushes: 0
Segments used: 0
Stream4 Memory Faults: 0
===============================================================================
Snort received signal 2, exiting
Thanks,
Dave
-----Original Message-----
From: D W [mailto:esecure1 () yahoo com]
Sent: Monday, June 10, 2002 4:49 PM
To: Walgamotte, David; 'snort-users () lists sourceforge net'
Subject: Re: [Snort-users] Setting the nic up ??
David,
This should do the trick for you.....
ifconfig <interface> plumb -arp
Use the command, ifconfig -a to see if the card is
working properly. You should see an output similar to
this:
Flags=8c3<UP, BROADCAST, RUNNING, NOARP, MULTICAST>
mtu 4352
inet 0.0.0.0 netmask 0
ether 8:0:20:f0:0:ba
--- "Walgamotte, David" <david.walgamotte () wild net>
wrote:
Anyone know how to put a NIC in promiscuous mode without an IP in Solaris?
David
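The verification step D W describes (run ifconfig -a and look for UP, NOARP and inet 0.0.0.0) can be scripted. This is an added example, not part of the original thread; the function name check_sensor_iface and the hme0 stanza are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: check that an interface is in the state
# described above (UP, NOARP, inet 0.0.0.0) using `ifconfig -a` text on stdin.
# Exit status: 0 = matches, 1 = problems (one per line on stdout), 2 = not found.
check_sensor_iface() {    # hypothetical helper name
    awk -v want="$1" '
        # Stanza header, e.g. "hme1: flags=8c3<UP,...,NOARP,...> mtu 1500"
        /^[A-Za-z0-9:]+: flags=/ {
            name = $1; sub(/:$/, "", name)
            in_stanza = (name == want)
            if (in_stanza) {
                found = 1
                flags = $0
                sub(/^[^<]*</, "", flags); sub(/>.*/, "", flags)
                gsub(/ /, "", flags)              # tolerate "UP, BROADCAST"
                n = split(flags, f, ",")
                for (i = 1; i <= n; i++) has[f[i]] = 1
            }
            next
        }
        in_stanza && $1 == "inet" { addr = $2 }
        END {
            if (!found) { print want ": not found in ifconfig output"; exit 2 }
            if (!("UP" in has))    { print want ": not UP"; bad = 1 }
            if (!("NOARP" in has)) { print want ": ARP enabled (no -arp)"; bad = 1 }
            if (addr != "" && addr != "0.0.0.0") {
                print want ": has address " addr; bad = 1
            }
            exit bad + 0
        }'
}

# hme1 is the output posted in the thread; hme0 is a constructed counter-example.
SAMPLE='lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
        inet 127.0.0.1 netmask ff000000
hme1: flags=8c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1500
        inet 0.0.0.0 netmask 0
        ether 8:0:20:b2:f7:e3
hme0: flags=843<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.0.2.10 netmask ffffff00'

for ifc in hme1 hme0; do
    if printf '%s\n' "$SAMPLE" | check_sensor_iface "$ifc"; then
        echo "$ifc: matches the no-IP, no-ARP capture setup"
    fi
done
```

On a live host the same function reads the real output: `ifconfig -a | check_sensor_iface hme1`.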
