Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: promiscuous mode in windows

From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 15 Apr 2005 17:01:04 -0400
Mihai Petre wrote:


Hi guys,

I inherited 2 sensors running snort on win2000.
The config on each network card show a static ip assigned to each card
used for sniffing.

I know that in linux I can check the status and start the card in
promisc mode but what about windows.


I don't think windows itself understands the concept, so I don't think
there's a good way to check the status. Perhaps there's a 3rd party utility.



Can I have an ip assigned and promisc mode on the same card ?


Yes, you can have both at the same time on the same card. Why wouldn't
you be able to do that?

 Really, promisc mode has nothing to do at all with IP assignment. 
Promisc mode is an ethernet MAC layer setting, and has no relevance at
all to the IP layer. It's not like they are settings that get applied at
the same spot and thus would require any special effort to support both
at the same time.

Some old and now obscure systems have the opposite problem, they refuse
to enable interfaces that don't have an IP, thus you can ONLY do promisc
mode on interfaces with IP's. But that's really just a weird assumption
in the system that any interface without an IP must be useless and
should be shut down.

 I've never heard of a machine that required an interface to have no IP
before it would allow promisc mode. Ever.  (However, if anyone knows of
one, I'd love to hear about it)



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: