Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort-users digest, Vol 1 #3997 - 11 msgs

From: Nigel Houghton <nigel () sourcefire com>
Date: Tue, 24 Feb 2004 12:34:55 -0500
On  0, I think snort-users-request () lists sourceforge net wrote:

Today's Topics:

   1. Re: Snort on Linux with no IP (Yonah Russ)
--__--__--

Message: 1
Date: Sun, 22 Feb 2004 23:34:30 +0200
From: Yonah Russ <yonah () mirimar net>
To: Brian McNeilly <bmcneilly () shaw ca>
CC: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort on Linux with no IP

eth1 is the name for the second network card in a BSD or Linux machine. 
Each network card is called eth for ethernet  and is number from 0 and 
up to however many network cards you have (minus 1).


eth* applies to Linux machines, BSD is different. For example, FreeBSD uses the driver to 
identify the interface, so for example, an Intel card will show up as fxp0
or fxp1 etc., an Intel pro/1000 GigE card will show up as gx0, gx1 etc.. 3Com
cards show as xl0, xl1 etc...

The main thing is that if you have two different cards in a machine, say an
Intel and a 3Com they will show as fxp0 and xl0 and not fxp0 and xl1.


It seems your machine either has only one network card or it may not 
have the proper driver modules loaded.


This may be true, but we would need to know the OS to go any further.


If you only have one network card, you could try using eth0 instead but 
you obviously won't be able to use regular network from that computer.


Only if you are running in promiscuous mode.


Hope this helps.
Yonah

--
Yonah Russ - Mirimar Networks
http://www.mirimar.net/

Brian McNeilly wrote:


Hi,

I apologise in advance for the newbie question, which undoubtedly has 
been discussed to death already. Before you send me to the FAQ, here 
is the relevant snippit from there:

3.1 How do I setup snort on a 'stealth' interface?

  *BSD and Linux:

    ifconfig eth1 up


Which OS are you using?


OK, so I do this and the response I get is: eth1: unknown interface: 
No such device

Can anyone elaborate on the rather limited response found in the FAQ 
for this issue? Is seems to me that many people have asked about this 
before, but there never has been an appropriate explanation put into 
the FAQ (I've just spent the entire afternoon reading mail archives to 
no avail). Sorry if I'm just stupid, but the FAQ isn't really helpful 
on this issue.

Cheers,

Brian McNeilly



-------------------------------------------------------------
Nigel Houghton  Research Engineer   Sourcefire Inc.
            Vulnerability Research Team

In an emergency situation involving two or more officers of equal rank,
seniority will be granted to whichever officer can program a vcr.


-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: