Snort mailing list archives
Re: Don't see traffic unless have IP
From: "Ian Macdonald" <secsnort () dirk demon co uk>
Date: Wed, 22 May 2002 17:01:51 -0400
I saw a couple issues last week while trying to do some sniffing from a linux box, I ended up doing ifconfig eth0 up ifconfig eth0 promisc Ian ----- Original Message ----- From: "Glenn Forbes Fleming Larratt" <glratt () rice edu> To: "Jhumri Tilayia" <tilayia () hotmail com> Cc: <snort-users () lists sourceforge net> Sent: Saturday, May 18, 2002 3:40 PM Subject: Re: [Snort-users] Don't see traffic unless have IP
Hm. The same config works fine for me (Cisco 3524XL, Sun Ultra 10,
Solaris).
You did "ifconfig {interface} up", even though the interface is unaddressed, didn't you? If not, try that. -g On Thu, 16 May 2002, Jhumri Tilayia wrote:Hello, I am mirroring traffic on a Cisco switch to the port where the Snort box
is
hanging off of. The interface on the Snort box has no IP address. The problem is that Snort does not see any traffic if that interface does
not
have an IP assigned to it. As soon as I assign any random IP to it it
works
just fine. Is it a known issue with Snort or does it sound like something to do
with
the switch (Cisco 6500) we are using ? Also, is it possible to use a port that sees all the mirrored traffic as
a
source port (i.e. can I connect to the interface hanging off of that
port ?)
Thanks.Glenn Forbes Fleming Larratt Rice University Network Management glratt () rice edu _______________________________________________________________ Hundreds of nodes, one monster rendering program. Now that's a super model! Visit http://clustering.foundries.sf.net/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Don't see traffic unless have IP Jhumri Tilayia (May 18)
- Re: Don't see traffic unless have IP Glenn Forbes Fleming Larratt (May 18)
- Re: Don't see traffic unless have IP Ian Macdonald (May 22)
- Re: Don't see traffic unless have IP Glenn Forbes Fleming Larratt (May 18)