Snort mailing list archives

Re: stealth interface

From: "Mike Beal" <Mike.Beal () vintagetul com>
Date: Tue, 01 Oct 2002 16:17:16 -0500

I'm brand new to Snort myself. When I was setting it up, I ran into the same thing. Running RH7.3, 2 nics. I found I 
couldn't activate the 2nd nic using the GUI tools, I had to manually start it up from a shell using ifconfig eth1 up. 
Not much, but I hope it helps.

Dallas Jordan <DJordan () sawgrassink com> 10/01/02 03:04PM >>>

I am pretty new to snort, so forgive my ignorance.  I have FreeBSD 4.5 and
Snort 1.8.1.  I am trying to set Snort up to monitor an interface with no IP
address.  But I cant seem to get it to log anything to the /var/log/snort
directory.  When I start Snort everything appears to be fine.  I use the -v
flag to see if it is "seeing" anything, and I can see lots of packets on the
monitor.  But none are getting logged.  I am using the -l /var/log/snort
option for the logging.  I have my $HOME_NET 10.0.0.0/24 and EXTERNAL_NET
!$HOME_NET.  Don't know if that helps anyone.  I also have another NIC with
a IP address that I will use to access the snort box.  If I set up snort to
monitor this interface, it works as it should.  Everything gets logged into
directories according to IP addresses.  I also have a rule that alerts to
all TCP traffic, just to check if SnortSnarf is working correctly with my
alert file.  When Snort is monitoring the interface with no IP no alerts are
logged.  But they are logged, when monitoring the interface with an IP.  I
am sure it is something simple I'm missing, but I cant figure it out.
Thanks for any help you can give.  




-------------------------------------------------------
This sf.net email is sponsored by: DEDICATED SERVERS only $89!
Linux or FreeBSD, FREE setup, FAST network. Get your own server 
today at http://www.ServePath.com/indexfm.htm 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net 
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users 
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This sf.net email is sponsored by: DEDICATED SERVERS only $89!
Linux or FreeBSD, FREE setup, FAST network. Get your own server
today at http://www.ServePath.com/indexfm.htm
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

stealth interface Dallas Jordan (Oct 01)
- <Possible follow-ups>
- RE: stealth interface Wirth, Jeff (Oct 01)
- RE: stealth interface Dallas Jordan (Oct 01)
- Re: stealth interface Mike Beal (Oct 01)
- Re: stealth interface Joe Matusiewicz (Oct 02)
- RE: stealth interface Matt Yackley (Oct 02)
  - Re: stealth interface Jon Quiros (Oct 02)
  - Re: 2 sensors/1 interface? Martin Olsson (Oct 02)
- RE: stealth interface Dallas Jordan (Oct 02)