Snort mailing list archives
Re: Snort-users digest, Vol 1 #3997 - 11 msgs
From: Nigel Houghton <nigel () sourcefire com>
Date: Tue, 24 Feb 2004 12:34:55 -0500
On 0, I think snort-users-request () lists sourceforge net wrote:
Today's Topics: 1. Re: Snort on Linux with no IP (Yonah Russ) --__--__-- Message: 1 Date: Sun, 22 Feb 2004 23:34:30 +0200 From: Yonah Russ <yonah () mirimar net> To: Brian McNeilly <bmcneilly () shaw ca> CC: snort-users () lists sourceforge net Subject: Re: [Snort-users] Snort on Linux with no IP eth1 is the name for the second network card in a BSD or Linux machine. Each network card is called eth for ethernet and is number from 0 and up to however many network cards you have (minus 1).
eth* applies to Linux machines, BSD is different. For example, FreeBSD uses the driver to identify the interface, so for example, an Intel card will show up as fxp0 or fxp1 etc., an Intel pro/1000 GigE card will show up as gx0, gx1 etc.. 3Com cards show as xl0, xl1 etc... The main thing is that if you have two different cards in a machine, say an Intel and a 3Com they will show as fxp0 and xl0 and not fxp0 and xl1.
It seems your machine either has only one network card or it may not have the proper driver modules loaded.
This may be true, but we would need to know the OS to go any further.
If you only have one network card, you could try using eth0 instead but you obviously won't be able to use regular network from that computer.
Only if you are running in promiscuous mode.
Hope this helps. Yonah -- Yonah Russ - Mirimar Networks http://www.mirimar.net/ Brian McNeilly wrote:Hi, I apologise in advance for the newbie question, which undoubtedly has been discussed to death already. Before you send me to the FAQ, here is the relevant snippit from there: 3.1 How do I setup snort on a 'stealth' interface? *BSD and Linux: ifconfig eth1 up
Which OS are you using?
OK, so I do this and the response I get is: eth1: unknown interface: No such device Can anyone elaborate on the rather limited response found in the FAQ for this issue? Is seems to me that many people have asked about this before, but there never has been an appropriate explanation put into the FAQ (I've just spent the entire afternoon reading mail archives to no avail). Sorry if I'm just stupid, but the FAQ isn't really helpful on this issue. Cheers, Brian McNeilly
------------------------------------------------------------- Nigel Houghton Research Engineer Sourcefire Inc. Vulnerability Research Team In an emergency situation involving two or more officers of equal rank, seniority will be granted to whichever officer can program a vcr. ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Snort-users digest, Vol 1 #3997 - 11 msgs Nigel Houghton (Feb 24)