Snort will not detect anything on stealth interface unless I assign IP

[Rhugga <snort-list () sandiego420 com>]

I have attached 1 interface of from ISD box a hub containing our border 
router and our 2 firewalls. I bring the interface up with no IP address 
and snort will not start due to $eth1_ADDRESS being null.

If I assign a dummy IP address to the interface:

ifconfig eth1 down
ifconfig eth1 192.168.199.199
ifconfig eth1 up

I can see that the interace is receiving packets (based on ifconfig -a)
         RX packets:33790 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:100
         RX bytes:2231965 (2.1 Mb)  TX bytes:0 (0.0 b)
         Interrupt:21 Base address:0x3400 Memory:f5104000-f5104038

snort will start when eth1 has this dummy IP address but no rules are 
getting detected.

When I put a valid IP address on that interface in the same net as the 
router and firewalls, snort then starts matching rules...

How do you use a shadow interface with no IP address with snort? I am 
running RH 9.

Thx,
rhugga



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users