Snort mailing list archives
Re: running snort in promiscuous mode
From: "AJ Butcher, Information Systems and Computing" <Alex.Butcher () bristol ac uk>
Date: Wed, 10 Mar 2004 09:00:42 +0000
--On 09 March 2004 16:28 +0100 Jan Hormann <hormann () gutenberg-rz de> wrote:
Hello, I have a little problem running snort in promiscuous mode. If I start snort with the option "-vde" an path for config file and logpath, snort switch the ethernet device in promiscuous mode but leave this mode a few seconds later, so that snort don't run in promiscuous mode. If I start aditionally snort with "-v" (as second snort prozess) it runs fine and both snort prozesses use promiscuous mode. My configuration is snort version 2.0.1 on SuSE 9 on a intelbased machine. Ethernet interface is a 3com card. I have this problem on two machines (diferent ethernet devices). Is this problem depending on the version of snort? Does anybody know the problem? Is there anybody how have a solution for this problem?
Works fine here with Snort 2.0.6. Remember that the interface will need to be up, and snort will need root privs in order to set promiscuous mode.
# ifconfig eth1 up # snort -vde -i eth1If that doesn't work for you, how about showing us the error messages you get?
On solution I found on the internet was to change the source code, I hope this isn't the only solution. Thanks Jan
Best Regards, Alex. -- Alex Butcher: Security & Integrity, Personal Computer Systems Group Information Systems and Computing GPG Key ID: F9B27DC9 GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9 ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- running snort in promiscuous mode Jan Hormann (Mar 09)
- Re: running snort in promiscuous mode AJ Butcher, Information Systems and Computing (Mar 10)