Snort mailing list archives
Fw: Interface in promiscuous mode
From: "Andrea Iacopini" <andrea.iacopini () realtech it>
Date: Wed, 20 Nov 2002 22:05:33 +0100
Hi Helder, as you can see from the piece-pasted og messages your interface is set again in promiscuos mode; tipically sensor interface doesn't have, please the list give me this permissions :-), the IP stack loaded so the promiscuos flag can't apper. About cisco, usually, when I deployed IDS solution with cisco the port-attached-sensor is set in span ( monitoring ) mode; the span mode give the ability to copy all the traffic on the indicated port. If you have serveral switches you can use the the remote span property. HTH, Regards, A. ======================================================================== Andrea Iacopini - Networking Solutions andrea.iacopini () realtech it - Mobile + 39 335 123.44.93 REALTECH Italia S.p.A. - Technology drives e-Business Via Paolo di Dono, 73 - 00142 Roma, Italy Tel. +39 06 51.95.981, Fax. +39 06 51.96.36.74 ======================================================================== Real hackers don't die, just their TTL expires. [Unknown]
----- Original Message ----- From: "Helder Rocha" <hrocha () da-telecom com> To: <snort-users () lists sourceforge net> Sent: Wednesday, November 20, 2002 8:56 PM Subject: [Snort-users] Interface in promiscuous modeHello, I've installed the Snort and the SnortCenter but when I start thesnortthere are some info in my messages log file about the promiscuousmode butwhen I enter the commam "ifconfig -a" the interface does not apears
as
PROMISC. Is this normal? Do I really need the PROMISC set in eth0 interface? ... Nov 20 18:47:36 xpto kernel: device eth0 entered promiscuous mode Nov 20 18:47:36 xpto kernel: device eth0 left promiscuous mode Nov 20 18:47:36 xpto kernel: device eth0 entered promiscuous mode Nov 20 18:47:36 xpto snort: Initializing daemon mode Nov 20 18:47:36 xpto snort: PID path stat checked out ok, PID path
set
to/var/run/ Nov 20 18:47:36 xpto snort: Writing PID "13562" to file "/var/run//snort_eth0.pid" Nov 20 18:47:36 xpto snort: Snort initialization completedsuccessfully,Snort running My snort machine is connected to a Cisco switch with others servers.How canI catch all packets in the LAN even if the destination is not my
snort
machine? Thanks in advance, Helder Rocha hrocha () da-telecom com ------------------------------------------------------- This sf.net email is sponsored by: Battle your brains against the best in the Thawte Crypto Challenge. Be the first to crack the code - register now: http://www.gothawte.com/rd521.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This sf.net email is sponsored by: Battle your brains against the best in the Thawte Crypto Challenge. Be the first to crack the code - register now: http://www.gothawte.com/rd521.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Interface in promiscuous mode Helder Rocha (Nov 20)
- RE: Interface in promiscuous mode Mark Weaver (Nov 20)
- Re: Interface in promiscuous mode Robby Desmond (Nov 20)
- <Possible follow-ups>
- Fw: Interface in promiscuous mode Andrea Iacopini (Nov 20)
- Re: Interface in promiscuous mode Di Fazio Guido (Nov 22)