Snort mailing list archives

Re: Promiscuous mode

From: Derek Glidden <dglidden () illusionary com>
Date: 30 Oct 2002 12:29:16 -0500

On Wed, 2002-10-30 at 11:25, Paul Enlund wrote:

Tried upgrading from Snort 1.8.6 to 1.9 on a Debian 2.2.20 system
and I find that the eth0 interface enters promiscuous mode then
returns back to normal.

Options used are.

start-stop-daemon --start --quiet --exec $DAEMON -- \
   -D -c /etc/snort/snort.conf \
   -l /var/log/snort/ \
   -b

I also tried 1.8.7 and this also suffers the same problem I find with
1.9

Anybody seen this before and know the solution ?


I have the same problem.  Debian 2.2 and 3.0 systems with 2.4.18
kernels.  Interestingly, if I DON'T use "-D", the interface stays in
promisc mode, however, I need these probes to be running in the
background.

I "solved" it by adding "ifconfig eth0 promisc" to the startup script,
immediately after starting snort.  :P

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#!/usr/bin/perl -w
$_='while(read+STDIN,$_,2048){$a=29;$b=73;$c=142;$t=255;@t=map
{$_%16or$t^=$c^=($m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;
$t^=(72,@z=(64,72,$a^=12*($_%16-2?0:$m&17)),$b^=$_%64?12:0,@z)
[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h=5;$_=unxb24,join
"",@b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$d=
unxV,xb25,$_;$e=256|(ord$b[4])<<9|ord$b[3];$d=$d>>8^($f=$t&($d

12^$d>>4^$d^$d/8))<<17,$e=$e>>8^($t&($g=($q=$e>>14&7^$e)^$q*

8^$q<<6))<<9,$_=$t[$_]^(($h>>=8)+=$f+(~$g&$t))for@a[128..$#a]}
print+x"C*",@a}';s/x/pack+/g;eval 

usage: qrpff 153 2 8 105 225 < /mnt/dvd/VOB_FILENAME \
    | extract_mpeg2 | mpeg2dec - 

         http://www.cs.cmu.edu/~dst/DeCSS/Gallery/
http://www.eff.org/                   http://www.anti-dmca.org/



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Promiscuous mode Paul Enlund (Oct 30)
- Re: Promiscuous mode Derek Glidden (Oct 30)
- Re: Promiscuous mode quentyn (Oct 30)
  - Re: Promiscuous mode Eli Stair (Oct 31)
    - RE: Promiscuous mode Gene Gomez (Oct 31)