Snort mailing list archives

RE: starting snort

From: Juan Fernandez <Juan.Fernandez () deltathree com>
Date: Tue, 17 Aug 2004 11:54:42 +0300

Okey, sorry I didn't wrote enough info ( I also have read the docs):

This sensor will be in the dmz subnet when the port from the dmz switch that
goes to the firewall will be mirrored to the port that the sensor nic ( in
promisc mode ) will be in.


The second nic will be in the internal lan switch so I can manage it and
send alerts to the management server.
Is it enough info ?

Thanks 


-----Original Message-----
From: Edin Dizdarevic [mailto:edin.dizdarevic () interActive-Systems de] 
Sent: Tuesday, August 17, 2004 11:38 AM
To: Juan Fernandez; snort-users () lists sourceforge net
Subject: Re: [Snort-users] starting snort

Hi,

unfortunatelly you wrote nothing about your network setup. If all the
traffic you want to observe is going over your sensor, no need to run
the nics in the promisc mode. Otherwise you even have to, but please
read the docs and older posts about running Snort on a switch or a hub.
There is a small caveat outhere.

Regards,
Edin

Juan Fernandez wrote:



Hi



I have a question starting snort,



I have 2 nics they are eth1 and eth2 I want that etc1 will be in
promisc mode.



Now I read that to start snort I need to insert the following
command:



Usr/local/snort/bin/snort -c /usr/local/snort/conf/snort.conf -l -I
eth1 -u snort_user -g snort_group



Do I really need to insert the eth1 or eth2 ? I mean do I need to put
the promisc mode there or the other nic ?



Thanks


-- 
Edin Dizdarevic


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

starting snort Juan Fernandez (Aug 17)
- Re: starting snort Edin Dizdarevic (Aug 17)
- <Possible follow-ups>
- RE: starting snort Juan Fernandez (Aug 17)