Snort mailing list archives
Re: Interface in promiscuous mode
From: "Di Fazio Guido" <g.difazio () guest edisontel it>
Date: Fri, 22 Nov 2002 10:34:42 +0100
-----Original Message-----
From: Helder Rocha [mailto:hrocha () da-telecom com]
Sent: Wednesday, 20 November 2002 20:57
To: snort-users () lists sourceforge net
Subject: [Snort-users] Interface in promiscuous mode
Hello,
I've installed Snort and SnortCenter, but when I start Snort there is some info in my messages log file about promiscuous mode, yet when I enter the command "ifconfig -a" the interface does not appear as PROMISC.
Is this normal? Do I really need the PROMISC set in eth0 interface?
It is normal; it is the same on my system and it works correctly.
...
Nov 20 18:47:36 xpto kernel: device eth0 entered promiscuous mode
Nov 20 18:47:36 xpto kernel: device eth0 left promiscuous mode
Nov 20 18:47:36 xpto kernel: device eth0 entered promiscuous mode
Nov 20 18:47:36 xpto snort: Initializing daemon mode
Nov 20 18:47:36 xpto snort: PID path stat checked out ok, PID path set to /var/run/
Nov 20 18:47:36 xpto snort: Writing PID "13562" to file "/var/run//snort_eth0.pid"
Nov 20 18:47:36 xpto snort: Snort initialization completed successfully, Snort running
Enable the "span" function on your switch, but start with a few ports because it is a hard job for your switch (try to read the Cisco doc): http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00800d84c5.html
My snort machine is connected to a Cisco switch with other servers. How can I catch all packets in the LAN even if the destination is not my snort machine?
Bye Guido
Thanks in advance, Helder Rocha hrocha () da-telecom com
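Added example, not part of the original thread: a shell check that derives each interface's final promiscuous state from kernel log lines in the format quoted above, and tests the IFF_PROMISC bit (0x100) in the flags word that current Linux kernels expose under /sys/class/net/<iface>/flags. The function names are assumptions of this example; the sample log lines are the ones from the post.

```shell
#!/bin/sh
# Added example: confirm promiscuous state without relying on "ifconfig -a".
# All function names here are hypothetical, chosen for this example.

IFF_PROMISC=256   # 0x100, IFF_PROMISC in <linux/if.h>

# Sample input: the kernel lines quoted in the post.
sample_log() {
    cat <<'EOF'
Nov 20 18:47:36 xpto kernel: device eth0 entered promiscuous mode
Nov 20 18:47:36 xpto kernel: device eth0 left promiscuous mode
Nov 20 18:47:36 xpto kernel: device eth0 entered promiscuous mode
Nov 20 18:47:36 xpto snort: Initializing daemon mode
EOF
}

# Read syslog lines on stdin and print "<dev> <state>" for the last
# entered/left event per device. Matches only the log format shown above.
promisc_state_from_log() {
    awk '
        /kernel: device [^ ]+ (entered|left) promiscuous mode/ {
            for (i = 1; i <= NF; i++)
                if ($i == "device") { dev = $(i + 1); verb = $(i + 2) }
            state[dev] = (verb == "entered") ? "promisc" : "normal"
        }
        END { for (d in state) print d, state[d] }
    ' | sort
}

# Succeed if a flags value (hex, e.g. 0x1103) has IFF_PROMISC set.
flags_has_promisc() {
    [ $(( $1 & $IFF_PROMISC )) -ne 0 ]
}

# Check the live flags of one interface; returns 2 if it cannot be read.
iface_is_promisc() {
    case "$1" in ""|*/*|.|..) return 2 ;; esac   # reject path tricks
    f="/sys/class/net/$1/flags"
    [ -r "$f" ] || return 2
    flags_has_promisc "$(cat "$f")"
}

# The log from the post ends with an "entered" event for eth0.
sample_log | promisc_state_from_log
```

On the sensor itself, `iface_is_promisc eth0` returns 0 while the sniffing interface is promiscuous and 1 when it is not.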