Snort mailing list archives

Re: snort daemon to listen to eth2 and eth3 in promiscuous mode


From: Kaushal Shriyan <kaushalshriyan () gmail com>
Date: Tue, 19 Feb 2013 18:28:22 +0530

On Tue, Feb 19, 2013 at 6:24 PM, Ayodele Okeowo <aymacro () gmail com> wrote:

> Ok, to run Snort in inline mode your snort command will look different.
> How many interfaces do you have on your box?
>
> Ayo


Thanks, Ayodele, for the reply. I have 4 interfaces on the snort server with
the details below; please let me know if you need the snort configs too.

#cat /tmp/interfaces
bond0     Link encap:Ethernet  HWaddr E0:DB:55:05:D0:0C
          inet addr:192.168.25.10  Bcast:192.168.73.255  Mask:255.255.255.0
          inet6 addr: fe80::e2db:55ff:fe05:d00c/64 Scope:Link
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:1902153 errors:0 dropped:0 overruns:0 frame:0
          TX packets:250497 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:232394243 (221.6 MiB)  TX bytes:93066331 (88.7 MiB)

eth0      Link encap:Ethernet  HWaddr E0:DB:55:05:D0:0C
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:1101579 errors:0 dropped:0 overruns:0 frame:0
          TX packets:250497 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:169722435 (161.8 MiB)  TX bytes:93066331 (88.7 MiB)
          Interrupt:194 Memory:d91a0000-d91b0000

eth1      Link encap:Ethernet  HWaddr E0:DB:55:05:D0:0C
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:800574 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:62671808 (59.7 MiB)  TX bytes:0 (0.0 b)
          Interrupt:202 Memory:d91d0000-d91e0000

eth2      Link encap:Ethernet  HWaddr E0:DB:55:05:D0:0E
          inet6 addr: fe80::e2db:55ff:fe05:d00e/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:64 (64.0 b)  TX bytes:492 (492.0 b)
          Interrupt:210 Memory:d90a0000-d90b0000

eth3      Link encap:Ethernet  HWaddr E0:DB:55:05:D0:0F
          inet6 addr: fe80::e2db:55ff:fe05:d00f/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:64 (64.0 b)  TX bytes:492 (492.0 b)
          Interrupt:218 Memory:d90d0000-d90e0000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:104 errors:0 dropped:0 overruns:0 frame:0
          TX packets:104 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5200 (5.0 KiB)  TX bytes:5200 (5.0 KiB)

[root@snort ~]#

Regards

Kaushal