Snort mailing list archives
Re: Snort 1.7 problem with -i any
From: Neil Dickey <neil () geol niu edu>
Date: Tue, 5 Jun 2001 09:59:04 -0500 (CDT)
Edwin Chiu <Edwin.Chiu () e-wares com> wrote: [ ... Snip, 'any' interface not recognized so use le0 etc ... ]
I'm aware of this, but I was under the impression that libpcap and/or snort could listen to all interfaces with the "-i any" flag, like tcpdump.
That may well be! I was just working from what's in the man page, which
says that '-i' requires the interface name as an argument. It wouldn't
be the first time I've gotten into trouble reading a man page. ;-)
Did you try specifying a particular interface to see if the problem goes
away? ( We already know that 'any' doesn't work ... ) If Snort won't
report anything then, maybe there's a problem with your build. If 'any'
should work and doesn't then there's obviously a bug somewhere, but I
wouldn't be able to help you with that.
Finally, this from the FAQ:
--faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--
Q: How can I run snort on multiple interfaces simultaneously.
A: If you aren't running snort on linux 2.1.x/2.2.x kernel (with LPF available)
the only way is to run multiple instances of snort, one instance per
interface. However for linux 2.1.x/2.2.x and higher you can use libpcap
library with S. Krahmer's patch which allows you to specify 'any' as interface
name. In this case snort will be able to process traffic comming to all
interfaces.
--faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--
Apparently under specific conditions linux users, and linux users only, *can*
specify 'any' as an interface. Are you using libpcap with S. Krahmer's patch?
Best regards,
Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 1.7 problem with -i any Edwin Chiu (Jun 04)
- <Possible follow-ups>
- Re: Snort 1.7 problem with -i any Neil Dickey (Jun 04)
- Re: Snort 1.7 problem with -i any Edwin Chiu (Jun 05)
- Re: Snort 1.7 problem with -i any Fyodor (Jun 05)
- Re: Snort 1.7 problem with -i any Edwin Chiu (Jun 05)
- Snort 1.7 problem with -i any Edwin Chiu (Jun 04)
- Re: Snort 1.7 problem with -i any Neil Dickey (Jun 05)