RE: Sniffing stealth mode

["Yackley, Matt" <Matt.Yackley () perkinswill com>]

Ed, have you tried starting snort with:

/usr/local/bin/snort -c /etc/snort/conf/snort.conf -I eth1 -D
                                                                        ^^^^

-matt

-----Original Message-----
From: Watson, Ed [mailto:EWatson () lightspan com] 
Sent: Wednesday, September 24, 2003 11:26 AM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Sniffing stealth mode

Hi All,
        I've read the docs/FAQ and as much as I can find on the net but
still can't find the answer.

RH9
Apache
Acid
Mysql
Built with document: http://www.snort.org/docs/snort_acid_rh9.pdf

        I've got two nics. One with IP and one without. Eth0 has IP, Eth1 is
up in promisc with no IP using '#ifconfig eth1 up'. I can't seem to get
snort to listen to eth1 instead of eth0.

If I use 'var HOME_NET any' I get:

/usr/local/bin/snort -c /etc/snort/conf/snort.conf -i eth0 -D

I've tried these below but snort wont start:

var HOME_NET $eth1_ADDRESS
var HOME_NET $eth1_0.0.0.0
var HOME_NET $eth1

Can someone tell me what I'm doing wrong?

Thanks,
Ed


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users