Snort mailing list archives

AW: snort on IP-less interface


From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Wed, 10 Apr 2002 07:24:20 +0200

Mel,

I suppose you're on a switch. That behaviour is normal under those
circumstances. I suppose on fxp0 you only see packets directed to the snort
box but nothing else. Take a look at the Snort-FAQ
http://www.snort.org/docs/faq.html#1.8 or the mailing list archive.

HTH,
Sandro

Snort is running on OpenBSD-3.0, on an Intel 1u rackmount server (with
the eepro NICs).

fxp0 has an IP
fxp1 does not have an IP

When I tested snort:

snort -v -i fxp0 I get a whole bunch of packets

When I tested with:

snort -v -i fxp1 I get only ARP (and some UDP in response to the ARP
requests) packets, no TCP packets.

Are there any other special configurations that I need to do on the
IP-less interface (on the NIC, I mean)?
Or do I have to resort to building a sniffing-only cable for the
IP-less interface?

--mel

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
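
An added example, not part of the original thread and not Snort code: a small check that tells whether a sniffing interface ever receives unicast frames addressed to other hosts, which is what a hub, tap or mirror port delivers and a plain switch port does not. The function names, MAC addresses and sample frames are constructed for illustration.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6

def classify(frame: bytes, sensor_mac: bytes) -> str:
    """Classify one Ethernet II frame by its destination MAC address."""
    if len(frame) < 14:               # shorter than an Ethernet header
        return "runt"
    dst = frame[:6]
    if dst == BROADCAST:
        return "broadcast"            # e.g. ARP requests, flooded to every port
    if dst[0] & 0x01:                 # I/G bit set: group (multicast) address
        return "multicast"
    return "to_sensor" if dst == sensor_mac else "unicast_other"

def summarize(frames, sensor_mac: bytes) -> Counter:
    """Count frames per destination class for a captured sample."""
    return Counter(classify(f, sensor_mac) for f in frames)

def sees_other_hosts_unicast(summary: Counter) -> bool:
    """True when the interface receives traffic between other hosts."""
    return summary["unicast_other"] > 0

def eth(dst: bytes, src: bytes, ethertype: int, payload: bytes = b"") -> bytes:
    """Build a minimal Ethernet II frame (helper for the constructed samples)."""
    return dst + src + struct.pack("!H", ethertype) + payload

# Constructed sample data: locally administered MACs, empty payloads.
SENSOR = bytes.fromhex("020000000001")
HOST_A = bytes.fromhex("020000000002")
HOST_B = bytes.fromhex("020000000003")
MCAST = bytes.fromhex("01005e0000fb")

# What an ordinary switch port receives: only flooded frames.
SWITCHED = [eth(BROADCAST, HOST_A, 0x0806),
            eth(BROADCAST, HOST_B, 0x0806),
            eth(MCAST, HOST_A, 0x0800)]
# What a hub, tap or mirror port receives: the same plus host-to-host traffic.
MIRRORED = SWITCHED + [eth(HOST_B, HOST_A, 0x0800),
                       eth(HOST_A, HOST_B, 0x0800)]

if __name__ == "__main__":
    for name, sample in (("switched", SWITCHED), ("mirrored", MIRRORED)):
        s = summarize(sample, SENSOR)
        print(name, dict(s), "sees other hosts:", sees_other_hosts_unicast(s))
```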

