Snort mailing list archives

Re: snort daemon to listen to eth2 and eth3 in promiscuous mode


From: Kaushal Shriyan <kaushalshriyan () gmail com>
Date: Tue, 19 Feb 2013 17:24:10 +0530

On Tue, Feb 19, 2013 at 5:20 PM, Ray Caparros <arcy24 () gmail com> wrote:

Kaushal,

I believe in CentOS you can set your interfaces by running ifconfig eth2
promisc. You should be able to do the same thing on your other interface.


Hi Ray,

Thanks for the quick reply. When I check for the snort process I can see only
eth2 and not eth3, and /sbin/ifconfig for eth2 and eth3 is already set to
PROMISC mode. Please suggest further.

[root@snort ~]# ps aux | grep snort
snort    17573  0.0  0.2 417000 71064 ?        Ssl  17:21   0:00
/usr/sbin/snort -A fast -b -d -D -i eth2 -u snort -g snort -c
/etc/snort/snort.conf -l /var/log/snort
root     17579  0.0  0.0  61172   752 pts/0    S+   17:21   0:00 grep snort
[root@snort ~]# /sbin/ifconfig eth2
eth2      Link encap:Ethernet  HWaddr E0:DB:55:05:D0:0E
          inet6 addr: fe80::e2db:55ff:fe05:d00e/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:64 (64.0 b)  TX bytes:492 (492.0 b)
          Interrupt:210 Memory:d90a0000-d90b0000

[root@snort ~]# /sbin/ifconfig eth3
eth3      Link encap:Ethernet  HWaddr E0:DB:55:05:D0:0F
          inet6 addr: fe80::e2db:55ff:fe05:d00f/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:64 (64.0 b)  TX bytes:492 (492.0 b)
          Interrupt:218 Memory:d90d0000-d90e0000

[root@snort ~]#

Regards

Kaushal


On Feb 19, 2013 6:14 AM, "Kaushal Shriyan" <kaushalshriyan () gmail com> wrote:

Hi,

I have set the eth2 and eth3 ethernet interfaces to promiscuous mode on CentOS
5.8. Is there a way to set it permanently in the snort config ->
/etc/snort/snort.conf, or do I need to edit any configuration file? Please
suggest.

Regards,

Kaushal


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
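
The comparison made by hand in the message above (PROMISC interfaces versus the -i argument of running snort processes) can be scripted as a sensor health check. This is an added example, not part of the original thread: the function names are hypothetical, the sample input is constructed from the quoted output plus an invented eth0, and it assumes net-tools ifconfig output and one process per line from ps.

```shell
#!/bin/sh
# Constructed sample input modelled on the output quoted in the thread;
# eth0 is an invented non-promiscuous interface added for contrast.
SAMPLE_PS='snort 17573 0.0 0.2 417000 71064 ? Ssl 17:21 0:00 /usr/sbin/snort -A fast -b -d -D -i eth2 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
root 17579 0.0 0.0 61172 752 pts/0 S+ 17:21 0:00 grep snort'
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth2      Link encap:Ethernet  HWaddr E0:DB:55:05:D0:0E
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1

eth3      Link encap:Ethernet  HWaddr E0:DB:55:05:D0:0F
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1'

# stdin: ifconfig output. stdout: interfaces whose flags include PROMISC.
promisc_ifaces() {
    awk '/^[^ \t]/ { iface = $1; sub(/:$/, "", iface) }
         /PROMISC/ { if (iface != "") print iface }' | sort -u
}

# stdin: "ps aux" output (command starts at field 11, one process per line).
# stdout: the argument of every -i option on a snort command line.
snort_ifaces() {
    awk '{
        n = split($11, path, "/")
        if (path[n] != "snort") next
        for (i = 12; i < NF; i++) if ($i == "-i") print $(i + 1)
    }' | sort -u
}

# $1 = ifconfig output, $2 = ps output.
# stdout: promiscuous interfaces that no snort process is listening on.
uncovered_ifaces() {
    listening=$(printf '%s\n' "$2" | snort_ifaces)
    for ifc in $(printf '%s\n' "$1" | promisc_ifaces); do
        printf '%s\n' "$listening" | grep -qxF -- "$ifc" || printf '%s\n' "$ifc"
    done
}

# On a live sensor: uncovered_ifaces "$(/sbin/ifconfig -a)" "$(ps auxww)"
uncovered_ifaces "$SAMPLE_IFCONFIG" "$SAMPLE_PS"
```

Any interface it prints is a monitored segment with no snort process attached to it.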

