Snort mailing list archives
RE: Stealth sensor on SPAN port w/o tap
From: Security Admin <SecurityAdmin () hyprotech com>
Date: Wed, 6 Nov 2002 09:01:20 -0700
On my setup (freebsd) I run ifconfig fxp1 up before I fire up snort. The fxp1 if like your eth0.... -----Original Message----- From: Robert MacKinnon [mailto:robert.mackinnon () broadpark no] Sent: Wednesday, November 06, 2002 8:30 AM To: Subject: [Snort-users] Stealth sensor on SPAN port w/o tap I've been experimenting with getting my first snort sensor online but have not had success yet with configuring SPAN on the port to which the sensor is installed in a stealth mode. The environ is PC with dual 100Mb NICs, snort v1.9.0 on RH v7.3. One NIC (eth1) is connected into a managment net and configured with an IP address. The other interface (eth0) is connected to a SPAN port (monitoring three other ports on the same Catalyst 2900XL, same VLAN) and has no IP address assigned. Running "snort -dev -i eth0" produces no output. OpenPCap() warns about the missing IPv4 address but absolutely no packets are captured. If I assign an IP address to the port, capturing functions as expected. I've read all I can find on the Internet about taps, SPAN ports and snort but nothing addresses this problem. Will I have to invest in a tap to get this to work? TIA. - Rob. ------------------------------------------------------- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Stealth sensor on SPAN port w/o tap Robert MacKinnon (Nov 06)
- <Possible follow-ups>
- RE: Stealth sensor on SPAN port w/o tap Security Admin (Nov 06)
- Stealth sensor on SPAN port w/o tap Robert MacKinnon (Nov 10)
- Re: Stealth sensor on SPAN port w/o tap Erek Adams (Nov 11)
- Re: Stealth sensor on SPAN port w/o tap Bennett Todd (Nov 13)
- Re: Stealth sensor on SPAN port w/o tap Erek Adams (Nov 11)