Snort mailing list archives
RE: Can snort use an unconfigured interface?
From: "Corey Rock" <snort_sigs () hotmail com>
Date: Fri, 21 May 2004 20:39:30 +0000
Is the NIC initialized? It appears to be down. Yes, you can grab packets in promisicuous mode, but the NIC has to be UP!
If you do ifconfig -a or ifconfig sis0, what do you get? It doesn't need an IP, but does need to be configured to have drivers loaded, and to be 'UP' and RUNNING.
Pcap can't open a NIC that's not running, which it looks like you have.....(don't know BSD that well, but there must be some startup scripts for the NIC, on Linux it's /etc/sysconfig/network-scripts)
make sure the NIC is set to "onboot=yes" [root@pleiades root]# more /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 BOOTPROTO=static BROADCAST=x.x.x.x IPADDR=x.x.x.x NETMASK=x.x.x.x NETWORK=x.x.x.x ONBOOT=yes Corey
From: "Shaun T. Erickson" <ste () smxy org> Reply-To: ste () smxy org To: snort-users () lists sourceforge net Subject: [Snort-users] Can snort use an unconfigured interface? Date: Fri, 21 May 2004 14:26:11 -0400I thought that you can put an initerface into promiscuous mode and grab packets off the wire without it being configured up. I'd swear I've done this in the past, but perhaps my memory fails me.I tried to have snort use a second, connected, but unconfigured, nic, to listen on, but I get:Initializing Network Interface sis0 ERROR: OpenPcap() device sis0 open: BIOCSETIF: sis0: Network is down Fatal Error, Quitting..This is on FreeBSD 5.2.1. -ste ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10gGet certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE.http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_________________________________________________________________Get 200+ ad-free, high-fidelity stations and LIVE Major League Baseball Gameday Audio! http://radio.msn.click-url.com/go/onm00200491ave/direct/01/
------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10gGet certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Can snort use an unconfigured interface? Shaun T. Erickson (May 21)
- Re: Can snort use an unconfigured interface? Bennett Todd (May 21)
- Re: Can snort use an unconfigured interface? Shaun T. Erickson (May 21)
- Re: Can snort use an unconfigured interface? Matt Kettler (May 21)
- <Possible follow-ups>
- RE: Can snort use an unconfigured interface? Corey Rock (May 21)
- Re: Can snort use an unconfigured interface? Bennett Todd (May 21)