Snort mailing list archives

Re: snort on debian monitor interface dhcp

From: Craig Van Tassle <craig () codestorm org>
Date: Fri, 6 Feb 2009 15:04:32 -0600

On Fri, 6 Feb 2009 09:44:45 -0600
Gregory Zill <gregory () r3g net> wrote:

When I manually initiate the monitor (eth1) interface using 'ifconfig
eth1 up promisc' it shows UP but then goes through the dhcp broadcast
and NetworkManager wipes out /etc/resolv.conf and the primary
interface (eth0) loses its default gateway, so I altogether lose
network connectivity to this box. The eth1 interface then shows a
169.254.xx.xx address. Of course, I would prefer no address for the
snort. I would appreciate any pointers in getting the eth1 monitoring
interface to come up without destroying the primary network
parameters. Thanks in advance.


auto eth0
iface eth0 inet manual
        up ifconfig $IFACE up
        down ifconfig $IFACE down


Try that. 

That is how we setup out IDS sensors to bring up the Sniffing interface
with out an IP. We let Snort set the interface to promiscuous mode.
-- 
"An armed society is a polite society. Manners are good when one may
have to back up his acts with his life." Robert A. Heinlein

"Fear is the father of servitude, and the captor of man. There cannot
be slavery without fear, nor freedom with it."

Attachment: signature.asc
Description:

------------------------------------------------------------------------------
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

snort on debian monitor interface dhcp Gregory Zill (Feb 06)
- Re: snort on debian monitor interface dhcp Shirk Dog (Feb 06)
  - Re: snort on debian monitor interface dhcp staff (Feb 06)
    - Re: snort on debian monitor interface dhcp Joel Esler (Feb 06)
- Re: snort on debian monitor interface dhcp Joel Esler (Feb 06)
- Re: snort on debian monitor interface dhcp Craig Van Tassle (Feb 06)
- Re: snort on debian monitor interface dhcp Gregory Zill (Feb 09)
- <Possible follow-ups>
- Re: snort on debian monitor interface dhcp Gregory Zill (Feb 09)
  - Re: snort on debian monitor interface dhcp Joel Esler (Feb 09)