Snort mailing list archives
RE: Stealth interface not seeing any IP traffic
From: "Ron Jenkins" <rjenkins () dibr net>
Date: Sat, 22 Jan 2005 20:43:23 -0600
If that is a Linksys Everywhere Hub, it is not really a hub. You will have to find an old hub. Thanks... -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of David G. Humes Sent: Saturday, January 22, 2005 8:02 PM To: snort-users Subject: [Snort-users] Stealth interface not seeing any IP traffic I just setup a system for running snort at home and I'm having a problem with the monitoring interface not seeing any IP traffic. If I do a tcpdump on the monitoring interface all I see is the usual boatload of arp requests and an occasional igmp message. It's a Redhat 9 system with libpcap-0.8.3. The monitoring interface is plugged into a port on a hub that sits between my cable modem my router/switch. FWIW the hub is a Linksys NH1005-WM. Here's the configuration of eth1. eth1 Link encap:Ethernet HWaddr 00:01:02:C9:D6:53 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:44499 errors:0 dropped:0 overruns:0 frame:0 TX packets:2 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:2673544 (2.5 Mb) TX bytes:120 (120.0 b) Interrupt:10 Base address:0x1480 Here's my /etc/sysconfig/network-scripts/ifcfg-eth1 file. TYPE=Ethernet DEVICE=eth1 BOOTPROTO=static ONBOOT=yes IPADDR=0.0.0.0 I've also tried setting eth1 noarp and promisc, but that does not make any difference. And I tried giving the interface an address and that didn't help either. I know the interface works, as I have used it as the management interface to the sensor. Any thoughts? ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting Tool for open source databases. Create drag-&-drop reports. Save time by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc. Download a FREE copy at http://www.intelliview.com/go/osdn_nl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Stealth interface not seeing any IP traffic David G. Humes (Jan 22)
- <Possible follow-ups>
- RE: Stealth interface not seeing any IP traffic Ron Jenkins (Jan 22)
- Re: Stealth interface not seeing any IP traffic Dave Humes (Jan 23)
- Re: Stealth interface not seeing any IP traffic Rich Adamson (Jan 23)
- Re: Stealth interface not seeing any IP traffic Dave Humes (Jan 23)