Snort mailing list archives
RE: Using snort to listen on a nic without an IP
From: "Vigilant Labs" <labs () thevigilant com>
Date: Thu, 22 Jan 2004 20:39:07 -0500
In the BSD starup script /usr/local/etc/rc.d you can add a line to do an do an ifup on your interface.. ifup eth0 [or] ifup xl0 [or] ifup [interface abbreviation] Do a ifconfig to determine what the interface abbreviation is. This turns the interface "on" without giving it an IP. Snort can then "listen" on this interface. At least this is the old school way to do it. There might be something you can edit in snort.conf... Anyone? Joseph C. Magee Chief Technology Officer Vigilant, LLC. Phone: 617.921.8671 Fax: 877.577.6718 E-mail: jmagee[at]thevigilant.com Web: http://www.thevigilant.com Leaders in Security Management Integration
-----Original Message----- From: Mark Reis [mailto:mcr2z () cs virginia edu] Sent: Wednesday, January 21, 2004 4:47 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Using snort to listen on a nic without an IP Hello, I have snort running on a FreeBSD 5.1 box and was using it to monitor the uplink for ~1500 machines. Unfortunately, I found out that all of this traffic would flood the network connection and I could hardly even ssh into the machine. So I've placed a second nic into the machine and I would like to configure it for snort to listen without giving it an IP. I'd appreciate help on what conf changes I'd need to do with both freebsd and snort. Thanks, Mark ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/s> nort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Using snort to listen on a nic without an IP Mark Reis (Jan 21)
- Re: Using snort to listen on a nic without an IP james (Jan 21)
- Re: Using snort to listen on a nic without an IP Frank Knobbe (Jan 21)
- <Possible follow-ups>
- Re: Using snort to listen on a nic without an IP M. Morgan (Jan 21)
- RE: Using snort to listen on a nic without an IP Schmehl, Paul L (Jan 21)
- RE: Using snort to listen on a nic without an IP List Mail (Jan 21)
- Using snort to listen on a nic without an IP Mark Reis (Jan 22)
- RE: Using snort to listen on a nic without an IP Vigilant Labs (Jan 22)
- Re: Using snort to listen on a nic without an IP james (Jan 21)