Re: Snort will not detect anything on stealth interface unless I assign IP

[Paul Schmehl <pauls () utdallas edu>]

--On Saturday, July 17, 2004 12:10 PM -0700 Rhugga 
<snort-list () sandiego420 com> wrote:
> How do you use a shadow interface with no IP address with snort? I am
> running RH 9.
When you start snort, you need to tell it what interface to use and what 
conf file to use.

If you're going to run two instances of snort on the same box with two 
interfaces, then you'd do something like this:

snort -i eth0 -c /etc/snort1.conf -D
snort -i eht1 -c /etc/snort2.conf -D

Each conf file would point to a separate database.

(Use whatever other switches you need.  For more information on what's 
available, run snort --help from the commandline.  You may have to pipe it 
through a pager to see everything - snort --help | less, for example.)

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users