Snort mailing list archives
RE: Interface in promiscuous mode
From: "Mark Weaver" <mark () npsl co uk>
Date: Wed, 20 Nov 2002 20:46:04 -0000
Yes, it's normal - promiscuous mode means that the interface will return all packets, even if they are not destined for it. Obviously for what you want to do this is a desirable thing. If snort is going to work it needs to receive all traffic, so either your switch provides an option to mirror all traffic to your snort box, or it doesn't. Mark
-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Helder Rocha Sent: 20 November 2002 19:57 To: snort-users () lists sourceforge net Subject: [Snort-users] Interface in promiscuous mode Hello, I've installed the Snort and the SnortCenter but when I start the snort there are some info in my messages log file about the promiscuous mode but when I enter the commam "ifconfig -a" the interface does not apears as PROMISC. Is this normal? Do I really need the PROMISC set in eth0 interface? ... Nov 20 18:47:36 xpto kernel: device eth0 entered promiscuous mode Nov 20 18:47:36 xpto kernel: device eth0 left promiscuous mode Nov 20 18:47:36 xpto kernel: device eth0 entered promiscuous mode Nov 20 18:47:36 xpto snort: Initializing daemon mode Nov 20 18:47:36 xpto snort: PID path stat checked out ok, PID path set to /var/run/ Nov 20 18:47:36 xpto snort: Writing PID "13562" to file "/var/run//snort_eth0.pid" Nov 20 18:47:36 xpto snort: Snort initialization completed successfully, Snort running My snort machine is connected to a Cisco switch with others servers. How can I catch all packets in the LAN even if the destination is not my snort machine? Thanks in advance, Helder Rocha hrocha () da-telecom com ------------------------------------------------------- This sf.net email is sponsored by: Battle your brains against the best in the Thawte Crypto Challenge. Be the first to crack the code - register now: http://www.gothawte.com/rd521.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This sf.net email is sponsored by: Battle your brains against the best in the Thawte Crypto Challenge. Be the first to crack the code - register now: http://www.gothawte.com/rd521.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Interface in promiscuous mode Helder Rocha (Nov 20)
- RE: Interface in promiscuous mode Mark Weaver (Nov 20)
- Re: Interface in promiscuous mode Robby Desmond (Nov 20)
- <Possible follow-ups>
- Fw: Interface in promiscuous mode Andrea Iacopini (Nov 20)
- Re: Interface in promiscuous mode Di Fazio Guido (Nov 22)