Snort mailing list archives
RE: -i switch
From: "Snort" <Snort () InterCept Net>
Date: Mon, 21 Mar 2005 17:18:09 -0500
The changing of the interfaces is a windows thing... I am not sure how you would hardcode the interface to a particular number. In the Unix world, no matter if you disable or not use an interface, it will always be what it was installed as or what you specify it as in the modules file. In windows, it changes based on if you disable or enable NIC, like you are experiencing now. To defeat the issue, you might have to come up with a script that will look for that NIC device string (found when you do snort -W), grep the interface number and start snort based on that interface. That makes your install a bit smarter so that you install 4 more nics for virtual webserver or pptp, snort will always start on that interface your looking for. Interface Device Description ------------------------------------------- 1 \Device\NPF_{9C7E2353-B2CB-4716-B424-582C30D2C4E2} (Broadcom NetXtreme Gigabi t Ethernet Driver) 2 \Device\NPF_{444422A1-AB79-4CDB-B3C9-FF274A4C6152} (Intel(R) PRO/1000 XT Netwo rk Connection) knowing the above, a script could* look like this eth="Snort.exe -W | grep.exe -i "C6152" | cut.exe -b 1" ^ this will produce a result of "2" Snort.exe -i"$eth" -o -c ../etc/snort.conf Michael Brown -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Lee Clemens Posted At: Monday, March 21, 2005 4:26 PM Posted To: Snort Conversation: [Snort-users] -i switch Subject: [Snort-users] -i switch I have seen documentation with using the -i switch followed by a number and with eth0, eth1, etc... However, it seems this is OS dependent. I am using windows and "Snort -W" does not supply the names of the connections (eth0,...). Is there any way I can cause these numbers to remain static or work around this issue some other way? I have tried installing Snort with "-i eth0" but OpenPcap fails to open the device. I am asking this because I disable/enable some network connections on this computer periodically and this disrupts the numbering scheme, causing Snort to be looking at the wrong NIC. Thanks! ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_ide95&alloc_id396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- -i switch Lee Clemens (Mar 21)
- RE: -i switch Michael Steele (Mar 21)
- <Possible follow-ups>
- FW: -i switch Lee Clemens (Mar 21)
- RE: -i switch Snort (Mar 21)
- RE: -i switch Chris Reid (Mar 21)
- RE: -i switch Michael Steele (Mar 21)
- RE: -i switch Chris Reid (Mar 21)
- -i switch Lee Clemens (Mar 23)
- SC Magazine Award Joe Matusiewicz (Mar 22)
- Re: SC Magazine Award Bjarte Malmedal (Mar 23)
- Re: SC Magazine Award Joe Matusiewicz (Mar 23)
- Re: SC Magazine Award Martin Roesch (Mar 24)
- Re: SC Magazine Award snort user (Mar 24)
- Re: SC Magazine Award Martin Roesch (Mar 24)
- Re: SC Magazine Award Brian (Mar 24)
- SC Magazine Award Joe Matusiewicz (Mar 22)