Snort mailing list archives
Re: snort on debian monitor interface dhcp
From: Gregory Zill <gregory () r3g net>
Date: Mon, 9 Feb 2009 08:33:59 -0600
Date: Fri, 6 Feb 2009 15:28:26 -0500 (EST) Subject: Re: [Snort-users] snort on debian monitor interface dhcp Cc: snort-users () lists sourceforge net I do not understand why you are doing that. run 'sudo dpkg-reconfigure snort' and select the correct response to enable/disable promiscuous mode. When you are done reconfiguring snort, it will automatically be started. use 'sudo invoke-rc.d snort start' when you want to turn snort on, it will start as configured. I have no idea why you are using 'ifconfig eth1 up promisc'. I suggest 'man interfaces' and 'sudo vim /etc/network/interfaces'
Restated: When the system is started/re-started, it grabs a 169.254.x.x address as the result of unsuccessful dhcp -- and yes I have tcpdump'd this activity -- however there is no content in /etc/resolv.conf and no default route. I manually add those two critical items and it is at that point that I manually 'ifconfig eth1 up promisc' to not only re-engage the interface but to coax into not dhcp'ing. I have unfortunately installed via source, so dpkg does not know anything about snort. $ snort -V ,,_ -*> Snort! <*- o" )~ Version 2.8.3.2 (Build 22) '''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html (C) Copyright 1998-2008 Sourcefire Inc., et al. Using PCRE version: 6.7.7.4 2008-07-04 $ sudo dpkg-reconfigure snort Package `snort' is not installed and no info is available. Use dpkg --info (= dpkg-deb --info) to examine archive files, and dpkg --contents (= dpkg-deb --contents) to list their contents. /usr/sbin/dpkg-reconfigure: snort is not installed ------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort on debian monitor interface dhcp Gregory Zill (Feb 06)
- Re: snort on debian monitor interface dhcp Shirk Dog (Feb 06)
- Re: snort on debian monitor interface dhcp staff (Feb 06)
- Re: snort on debian monitor interface dhcp Joel Esler (Feb 06)
- Re: snort on debian monitor interface dhcp staff (Feb 06)
- Re: snort on debian monitor interface dhcp Joel Esler (Feb 06)
- Re: snort on debian monitor interface dhcp Craig Van Tassle (Feb 06)
- Re: snort on debian monitor interface dhcp Gregory Zill (Feb 09)
- <Possible follow-ups>
- Re: snort on debian monitor interface dhcp Gregory Zill (Feb 09)
- Re: snort on debian monitor interface dhcp Joel Esler (Feb 09)
- Re: snort on debian monitor interface dhcp Shirk Dog (Feb 06)