Snort mailing list archives

Re: snort daemon to listen to eth2 and eth3 in promiscuous mode


From: Ayodele Okeowo <aymacro () gmail com>
Date: Tue, 19 Feb 2013 09:42:11 -0500

Nice! I will assume you are using the bond0 interface as your management
interface and it's described in your snort config file.

You shouldn't have any problem; you just have to change the format of the
command line to the one I pasted earlier.

Ayo


On Tue, Feb 19, 2013 at 8:02 AM, Ayodele Okeowo <aymacro () gmail com> wrote:

If you only have 2 interfaces, you will need 3 interfaces, where one
interface will have an IP address configured on it for management (no
promisc) and the other 2 will not have any IP address configuration on them
and they will need to be in promisc mode.

If you eventually have 3 interfaces up and configured, use the below
command as referenced in the Snort Manual.

snort -c /etc/snort/snort.conf -u snort -g snort --daq afpacket -i eth2:eth3 -Q

Replace the interfaces with the ones that correspond to your
interfaces. Hope this helps.
{read more on DAQ modes and types -
http://vrt-blog.snort.org/2010/08/snort-29-essentials-daq.html}

Ayo


On Tue, Feb 19, 2013 at 7:54 AM, Ayodele Okeowo <aymacro () gmail com> wrote:

Ok, to run Snort in inline mode your snort command will look different.
How many interfaces do you have on your box?

Ayo


On Tue, Feb 19, 2013 at 7:29 AM, Kaushal Shriyan <kaushalshriyan () gmail com> wrote:

On Tue, Feb 19, 2013 at 5:54 PM, Ayodele Okeowo <aymacro () gmail com> wrote:

What command do you type when running snort in inline? You will have to
pair both interfaces in order to use both for sniffing.

Paste your command on here and let's see. :)

Ayo


Thanks Ayo for the quick reply, and I start snort using the init script on
CentOS 5.8 with the below mentioned details

[root@snort ~]# /etc/init.d/snortd status
snort (pid 17573) is running...
[root@snort ~]# ps aux | grep snort
snort    17573  0.0  0.2 417000 71064 ?        Ssl  17:21   0:00 /usr/sbin/snort -A fast -b -d -D -i eth2 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
root     17647  0.0  0.0  61172   752 pts/0    S+   17:58   0:00 grep snort
[root@snort ~]#

Regards

Kaushal
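
Added example (not part of the original thread or of Snort): a shell pre-flight check for the conditions the replies above give for an inline pair such as eth2:eth3, namely both interfaces up, in promisc mode, and with no IP address. The function names and the sample `ip -o` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for an inline pair such as eth2:eth3.
# Helpers read `ip -o` text on stdin so they can be exercised offline.

# has_ipv4 IFACE  < `ip -o -4 addr show`   (exit 0 if IFACE has an address)
has_ipv4() {
    awk -v ifc="$1" '$2 == ifc && $3 == "inet" { found = 1 } END { exit !found }'
}

# has_flag IFACE FLAG  < `ip -o link show`  (exit 0 if FLAG is set on IFACE)
has_flag() {
    awk -v ifc="$1:" -v flag="$2" '
        $2 == ifc {
            gsub(/[<>]/, "", $3); n = split($3, f, ",")
            for (i = 1; i <= n; i++) if (f[i] == flag) found = 1
        }
        END { exit !found }'
}

# check_pair PAIR LINKS ADDRS: 0 = ready, 1 = problems listed, 2 = not a pair
check_pair() {
    pair=$1; links=$2; addrs=$3; rc=0
    case $pair in ?*:?*) ;; *) echo "not an interface pair: $pair"; return 2 ;; esac
    for ifc in "${pair%%:*}" "${pair#*:}"; do
        printf '%s\n' "$links" | has_flag "$ifc" UP || { echo "$ifc: not UP"; rc=1; }
        printf '%s\n' "$links" | has_flag "$ifc" PROMISC || { echo "$ifc: not PROMISC"; rc=1; }
        if printf '%s\n' "$addrs" | has_ipv4 "$ifc"; then
            echo "$ifc: has an IPv4 address"; rc=1
        fi
    done
    return $rc
}

# Constructed sample output (not taken from the poster's machine).
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
4: eth2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP'
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: bond0    inet 192.0.2.10/24 brd 192.0.2.255 scope global bond0'

# Live use: check_pair eth2:eth3 "$(ip -o link show)" "$(ip -o -4 addr show)"
check_pair eth2:eth3 "$SAMPLE_LINKS" "$SAMPLE_ADDRS" ||
    echo "resolve the above before starting snort with -i eth2:eth3 -Q"
```

On the constructed sample, eth3 is reported as not PROMISC, so the pair is not yet in the state the reply describes.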



