Snort mailing list archives

Re: running snort in promiscuous mode

From: "AJ Butcher, Information Systems and Computing" <Alex.Butcher () bristol ac uk>
Date: Wed, 10 Mar 2004 09:00:42 +0000



--On 09 March 2004 16:28 +0100 Jan Hormann <hormann () gutenberg-rz de> wrote:

Hello,

I have a little problem running snort in promiscuous mode. If I start
snort  with the option "-vde" an path for config file and logpath, snort
switch the  ethernet device in promiscuous mode but leave this mode a few
seconds later,  so that snort don't run in promiscuous mode.
If I start aditionally snort with "-v" (as second snort prozess) it runs
fine  and both snort prozesses use promiscuous mode.

My configuration is snort version 2.0.1 on SuSE 9 on a intelbased
machine.  Ethernet interface is a 3com card.
I have this problem on two machines (diferent ethernet devices).

Is this problem depending on the version of snort? Does anybody know the
problem? Is there anybody how have a solution for this problem?

Works fine here with Snort 2.0.6. Remember that the interface will need tobe up, and snort will need root privs in order to set promiscuous mode.


# ifconfig eth1 up
# snort -vde -i eth1

If that doesn't work for you, how about showing us the error messages youget?

On solution I found on the internet was to change the source code, I hope
this  isn't the only solution.

Thanks
Jan


Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

running snort in promiscuous mode Jan Hormann (Mar 09)
- Re: running snort in promiscuous mode AJ Butcher, Information Systems and Computing (Mar 10)