Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Promiscuous Mode

From: Paul Schmehl <pauls () utdallas edu>
Date: Sat, 20 Mar 2004 22:40:26 -0600
--On Sunday, March 21, 2004 2:08 AM +0000 pfeito <pfeito () netcabo pt> wrote:


Hi,

I've just installed snort on fedora core 1 with MySQL and ACID. Everything
is looking cool. I've set the IDS box outside the firewall using an HUB.

Something is bothering me though... if I do "ifconfig -a" my interface,
(which as no IP or mask set) does not show the keyword PREMISC, but doing
tail /var/log/messages, I can see a message like "... kernel: eth0:
Setting promiscuous mode.". A quick look to ACID's data tells me that the
interface is in fact in promiscuous mode, but shouldn't this be figured
in "ifconfig -a" ?
No. If you look in the networking docs in /usr/share you'll see that promisc is deprecated. If you bring up an interface without an IP, it's in promiscuous mode. 

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: