Snort mailing list archives
Help with setting up snort in "stealth mode"
From: Michael Grenley <grenleym () agcs com>
Date: Mon, 13 Aug 2001 15:25:19 -0700
I am trying to set up snort in stealth mode. I have two interfaces, eth0 and eth1. eth0 is setup normally with an IP and eth1 is my snort interface setup with no ip but the interface is "ifconfig'd up'd". In addition, I am using an ethertap so that I can see the traffic without a hub. When I try to sniff I see no traffic on the eth1 interface. I have tried tcpdump -n -i eth1 -p (and without the p). When I start up snort, I see the following message in the logs: Aug 13 15:13:18 gnewt kernel: eth1: Setting promiscuous mode. Aug 13 15:13:18 gnewt snort: WARNING: OpenPcap() device eth1 network lookup: ^ISIOCGIFADDR: eth1: Cannot assign requested address Aug 13 15:13:18 gnewt snort: snort startup succeeded What am I doing wrong? Have I missed something? _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Help with setting up snort in "stealth mode" Michael Grenley (Aug 13)
- <Possible follow-ups>
- RE: Help with setting up snort in "stealth mode" Jean-Pierre Harvey (Aug 13)