Snort mailing list archives
Re: Using snort sensors.
From: "Pedro Tedeschi" <pedro.tedeschi () frb-par com>
Date: Mon, 14 Oct 2002 11:17:23 -0300
For default, snort use eth0 interface in promisc mode. Put '-i eth1' in command line, when you'll start snort example: 'snort -c /usr/snort/snort.conf -i eth1 -d -D' Hope that gives you some help Cheers, Pedro Tedeschi -
----- Original Message ----- From: "Sujit Pal" <sujit.pal () verizon net> To: "Snort E-mail List" <snort-users () lists sourceforge net> Sent: Monday, October 14, 2002 12:05 AM Subject: [Snort-users] Using snort sensors.Hello! I had configured a Linux system to be used as the snort sensor. This was done as per the install recommendation shown in Snort Installation
Manual
bySteven J Scott. I ahve two NIC in this system. eth0 and eth1. I configuer eth0 with an IP address etc. eth1 was left alone as suggested. I understood that the eth1 was to be used as the probe NIC and it shouldberun on promiscous mode. However if I start snort with the eth1 nic card
it
starts snort but do not log any data into the database. The same works when used with the eth0 NIC. Is my assumption that the eth1 was to be used as probe wrong. Why was it suggested to have a second NIC if not used. How can I put a NIC in promiscous mode and how to check that it is promiscous mode. I tried using ifconfig eth1 -promisc up. I do not think that worked. Regards. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Using snort sensors. Sujit Pal (Oct 13)
- Re: Using snort sensors. Chris Baker (Oct 13)
- Re: Using snort sensors. Erek Adams (Oct 14)
- <Possible follow-ups>
- Re: Using snort sensors. Pedro Tedeschi (Oct 14)