Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: no ip on interface?

From: Michael Boman <michael () ayeka dyndns org>
Date: Fri, 13 Sep 2002 00:47:53 +0800
On Thu, Sep 12, 2002 at 04:10:47PM +0000, T.Shaw wrote:

Hello all.. 
this might be a stupid question.. but here goes..I have snort 1.8.7
up and running loggin to a pgsql database. I haven't installed ACID as
of yet. I have configured snort to look at all traffic at an interface
that currently doesnt have an ip assigned to it. Basically the interface
is just up ( this is a linux box with two interfaces on it)  What im
wondering is even tho i have no ip on the interface, will snort still
be able to dump alerts and data into the database? Using a normal
sniffer (ethereal, tcpdump) i can view the traffic on the interface by
specifying the (usually) the -i parameter.  If i gave snort a smiliar
parameter.. everything should be fine correct? Would this screw up
reporting and alerts?


First bring up your sniffer interface with:

/sbin/ifconfig eth1 up

For snort use '-i' to specify interface ('-i eth1').

Snort doesn't need an IP on the interface it sniffs on. Most of my snort
installations are sniffing from a ip-less interface.

Best regards
 Michael Boman

-- 
Michael Boman
Student, Husband, Geek. Not necessary in that order thought.



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: