Re: snort and demarc frontend and Promiscuous mode

[Erek Adams <erek () theadamsfamily net>]

On Wed, 4 Sep 2002, Lavin, John wrote:

> Do I need two network cards in order to run snort in Promiscuous mode?

No.

> I am running this on a linux box with one nic card right now. So currently
> if I do a nmap scan from another linux box right at the box with snort
> loaded on it....
>
>  nmap -O (ip address of the box)
>
> It will trigger the alerts.
> However If I scan another pc plugged into the same hub it does not report
> finding anything.
> so I think I need to adjust the mode or install another nic card then setup
> the Promiscuous mode.

Nope.  Just read the FAQ.

>  Can anyone please let me know how to do this or point me to the correct
> documentation. I know how to put in the nic and set it up, I just want to
> find out what the interfaces are labeled from snorts point of view and know
> what options I need to add to snort when I start it up.

ifconfig -a

Will show you all interfaces.  Snort uses the same names as the OS.


If you are using a 'dual speed hub', then check out the FAQ.

        http://www.snort.org/docs/faq.html#6.21

If you are using a switch, setup SPAN (Cisco's) or use the 'monitor port'.

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net



-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users