Snort mailing list archives
Re: stealth interface
From: "Mike Beal" <Mike.Beal () vintagetul com>
Date: Tue, 01 Oct 2002 16:17:16 -0500
I'm brand new to Snort myself. When I was setting it up, I ran into the same thing. Running RH7.3, 2 nics. I found I couldn't activate the 2nd nic using the GUI tools, I had to manually start it up from a shell using ifconfig eth1 up. Not much, but I hope it helps.
Dallas Jordan <DJordan () sawgrassink com> 10/01/02 03:04PM >>>
I am pretty new to snort, so forgive my ignorance. I have FreeBSD 4.5 and Snort 1.8.1. I am trying to set Snort up to monitor an interface with no IP address. But I cant seem to get it to log anything to the /var/log/snort directory. When I start Snort everything appears to be fine. I use the -v flag to see if it is "seeing" anything, and I can see lots of packets on the monitor. But none are getting logged. I am using the -l /var/log/snort option for the logging. I have my $HOME_NET 10.0.0.0/24 and EXTERNAL_NET !$HOME_NET. Don't know if that helps anyone. I also have another NIC with a IP address that I will use to access the snort box. If I set up snort to monitor this interface, it works as it should. Everything gets logged into directories according to IP addresses. I also have a rule that alerts to all TCP traffic, just to check if SnortSnarf is working correctly with my alert file. When Snort is monitoring the interface with no IP no alerts are logged. But they are logged, when monitoring the interface with an IP. I am sure it is something simple I'm missing, but I cant figure it out. Thanks for any help you can give. ------------------------------------------------------- This sf.net email is sponsored by: DEDICATED SERVERS only $89! Linux or FreeBSD, FREE setup, FAST network. Get your own server today at http://www.ServePath.com/indexfm.htm _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by: DEDICATED SERVERS only $89! Linux or FreeBSD, FREE setup, FAST network. Get your own server today at http://www.ServePath.com/indexfm.htm _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- stealth interface Dallas Jordan (Oct 01)
- <Possible follow-ups>
- RE: stealth interface Wirth, Jeff (Oct 01)
- RE: stealth interface Dallas Jordan (Oct 01)
- Re: stealth interface Mike Beal (Oct 01)
- Re: stealth interface Joe Matusiewicz (Oct 02)
- RE: stealth interface Matt Yackley (Oct 02)
- Re: stealth interface Jon Quiros (Oct 02)
- Re: 2 sensors/1 interface? Martin Olsson (Oct 02)
- RE: stealth interface Dallas Jordan (Oct 02)