Snort mailing list archives

Previous By Date Next
Previous By Thread Next

OBSD / PROMISCUOUS

From: "Sean Kiewiet" <SKiewiet () prioritypaymentsystems com>
Date: Mon, 19 Sep 2005 09:59:36 -0400
Hey all:

 

OBSD3.7

SNORT2.3.3

 

I have a machine with 4 nics running 4 instances of snort:

 

/usr/local/bin/snort -u sguil -g sguil -l /nsm/em0 -c
/etc/snort/em0.snort.conf -U -A none -m 122 -i em0 -D
/usr/local/bin/snort -u sguil -g sguil -l /nsm/em1 -c
/etc/snort/em1.snort.conf -U -A none -m 122 -i em1 -D
/usr/local/bin/snort -u sguil -g sguil -l /nsm/em2 -c
/etc/snort/em2.snort.conf -U -A none -m 122 -i em2 -D
/usr/local/bin/snort -u sguil -g sguil -l /nsm/em3 -c
/etc/snort/em3.snort.conf -U -A none -m 122 -i em3 -D

 

One of the 4 nics has an ip address, the others do not.  

When I start up the 4 instances of snort, the nic (em0) with the ip
address shows up in promiscuous mode, the others do not.

 

# ifconfig -a

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224

        inet 127.0.0.1 netmask 0xff000000

        inet6 ::1 prefixlen 128

        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8

em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500

        address: 00:04:23:bd:ab:d6

        media: Ethernet autoselect (1000baseT full-duplex)

        status: active

        inet 10.1.1.3 netmask 0xffffff00 broadcast 10.1.1.255

        inet6 fe80::204:23ff:febd:abd6%em0 prefixlen 64 scopeid 0x1

em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500

        address: 00:04:23:bd:ab:d7

        media: Ethernet autoselect (1000baseT full-duplex)

        status: active

em2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500

        address: 00:14:22:0f:84:2b

        media: Ethernet autoselect (1000baseT full-duplex)

        status: active

em3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500

        address: 00:14:22:0f:84:2c

        media: Ethernet autoselect (100baseTX full-duplex)

        status: active

pflog0: flags=0<> mtu 33224

pfsync0: flags=0<> mtu 2020

enc0: flags=0<> mtu 1536

#

 

How do I get the other 3 ip-less nics to run in promiscuous mode in
OBSD?

 

Any help would be appreciated.

 

Sean
Previous By Date Next
Previous By Thread Next

Current thread: