Snort mailing list archives
Re: Interface in promiscuous mode
From: Robby Desmond <rdesmond () els ucsb edu>
Date: Wed, 20 Nov 2002 12:28:27 -0800
At 07:56 PM 11/20/2002 +0000, Helder Rocha wrote:
Hello, I've installed the Snort and the SnortCenter but when I start the snort there is some info in my messages log file about the promiscuous mode but when I enter the command "ifconfig -a" the interface does not appear as PROMISC. Is this normal? Do I really need the PROMISC set in eth0 interface?
Yes.
...
Nov 20 18:47:36 xpto kernel: device eth0 entered promiscuous mode
Nov 20 18:47:36 xpto kernel: device eth0 left promiscuous mode
Nov 20 18:47:36 xpto kernel: device eth0 entered promiscuous mode
Nov 20 18:47:36 xpto snort: Initializing daemon mode
Nov 20 18:47:36 xpto snort: PID path stat checked out ok, PID path set to /var/run/
Nov 20 18:47:36 xpto snort: Writing PID "13562" to file "/var/run//snort_eth0.pid"
Nov 20 18:47:36 xpto snort: Snort initialization completed successfully, Snort running
Since you don't get a "left promiscuous mode" line, I would think you're still running good.
Try using tcpdump to see if it's getting packets.
My snort machine is connected to a Cisco switch with other servers. How can I catch all packets in the LAN even if the destination is not my snort machine?
Look on Cisco or in your documentation about SPAN ports.
-Robby
Robert Desmond
Systems Administrator
UCSB Extended Learning Services
805-893-4906
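
Added example, not part of the original message: a shell function that replays the kernel's "entered"/"left promiscuous mode" syslog lines in order and reports the state each interface ends in, which is the check the reply does by eye. The function names are hypothetical, and the sample log is constructed from the lines quoted above plus two made-up eth1 lines for contrast.

```shell
#!/bin/sh
# promisc_state: read syslog text on stdin and print one line per device:
#   <device> <promiscuous|normal> entered=<n> left=<n>
# The state is whatever the LAST kernel event for that device said.
promisc_state() {
    awk '
    /kernel: device [^ ]+ (entered|left) promiscuous mode/ {
        # Locate the "device <name> <event>" triple wherever it sits in the line.
        for (i = 1; i <= NF; i++)
            if ($i == "device") { dev = $(i + 1); ev = $(i + 2); break }
        if (!(dev in state)) order[++n] = dev      # remember first-seen order
        if (ev == "entered") { entered[dev]++; state[dev] = "promiscuous" }
        else                 { left[dev]++;    state[dev] = "normal" }
    }
    END {
        for (i = 1; i <= n; i++) {
            d = order[i]
            printf "%s %s entered=%d left=%d\n", d, state[d], entered[d], left[d]
        }
    }'
}

# Constructed sample: the eth0 and snort lines come from the thread,
# the eth1 lines are invented to show an interface that ends up non-promiscuous.
sample_log() {
    cat <<'EOF'
Nov 20 18:47:36 xpto kernel: device eth0 entered promiscuous mode
Nov 20 18:47:36 xpto kernel: device eth0 left promiscuous mode
Nov 20 18:47:36 xpto kernel: device eth0 entered promiscuous mode
Nov 20 18:47:36 xpto snort: Initializing daemon mode
Nov 20 18:50:01 xpto kernel: device eth1 entered promiscuous mode
Nov 20 18:50:09 xpto kernel: device eth1 left promiscuous mode
EOF
}

sample_log | promisc_state
```

On a live sensor the same function can be fed the messages log directly, for example `promisc_state < /var/log/messages`, assuming that is where the kernel lines are written.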