Snort mailing list archives
RE: Sniffing stealth mode
From: "Gordon Cunningham" <gacunningham () bellsouth net>
Date: Wed, 24 Sep 2003 13:13:00 -0400
If you continue to tell snort to use eth0 on the command line:

/usr/local/bin/snort -c /etc/snort/conf/snort.conf -i eth0 -D

it will continue to use eth0. To use eth1:

/usr/local/bin/snort -c /etc/snort/conf/snort.conf -i eth1 -D

- Gordon

"When I finally found a spam filter that worked, I no longer received ANY email."

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Watson, Ed
Sent: Wednesday, September 24, 2003 12:26 PM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Sniffing stealth mode

Hi All,

I've read the docs/FAQ and as much as I can find on the net but still can't find the answer.

RH9 Apache Acid Mysql

Built with document: http://www.snort.org/docs/snort_acid_rh9.pdf

I've got two NICs. One with IP and one without. Eth0 has IP, Eth1 is up in promisc with no IP using '#ifconfig eth1 up'. I can't seem to get snort to listen to eth1 instead of eth0.

If I use 'var HOME_NET any' I get:

/usr/local/bin/snort -c /etc/snort/conf/snort.conf -i eth0 -D

I've tried these below but snort won't start:

var HOME_NET $eth1_ADDRESS
var HOME_NET $eth1_0.0.0.0
var HOME_NET $eth1

Can someone tell me what I'm doing wrong?

Thanks,
Ed

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
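A pre-flight check for the address-less sniffing interface discussed in this thread, added here as an example and not part of either poster's message. It assumes a current Linux system where `ip -o addr show` is available and where bringing an interface up with IPv6 enabled can leave it with a link-local address; the function names are hypothetical and the sample text is constructed with documentation addresses.

```shell
#!/bin/sh
# Added example: confirm the sensor interface carries no address before
# handing it to snort with -i. SAMPLE is constructed `ip -o addr show`
# output, not captured from the poster's machine.
SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::211:22ff:fe33:4455/64 scope link \       valid_lft forever preferred_lft forever
3: eth1    inet6 fe80::211:22ff:fe33:4456/64 scope link \       valid_lft forever preferred_lft forever'

# Print every IPv4/IPv6 address bound to interface $1 in the text $2.
iface_addrs() {
    printf '%s\n' "$2" |
        awk -v ifc="$1" '$2 == ifc && ($3 == "inet" || $3 == "inet6") { print $4 }'
}

# Succeed only when interface $1 has no address at all in the text $2.
is_stealth() {
    [ -z "$(iface_addrs "$1" "$2")" ]
}

# Print the snort command line from the thread for interface $1, or refuse
# (exit status 1) while the interface still has an address bound to it.
snort_cmd() {
    if is_stealth "$1" "$2"; then
        printf '/usr/local/bin/snort -c /etc/snort/conf/snort.conf -i %s -D\n' "$1"
    else
        printf 'refusing: %s still has address(es): %s\n' \
            "$1" "$(iface_addrs "$1" "$2" | tr '\n' ' ')" >&2
        return 1
    fi
}

# Live use on a sensor (not run here): snort_cmd eth1 "$(ip -o addr show)"
```

In the constructed sample eth1 has no IPv4 address but is still refused, because the IPv6 link-local address means the interface is not fully silent on the monitored segment.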
Current thread:
- Sniffing stealth mode Watson, Ed (Sep 24)
- RE: Sniffing stealth mode Gordon Cunningham (Sep 24)
- <Possible follow-ups>
- RE: Sniffing stealth mode Watson, Ed (Sep 24)
- RE: Sniffing stealth mode Yackley, Matt (Sep 24)