RE: [Snort-users] Can snort use an unconfigured interface?

Is the NIC initialized? It appears to be down. Yes, you can grab packets in promiscuous mode, but the NIC has to be UP! If you do ifconfig -a or ifconfig sis0, what do you get? It doesn't need an IP, but does need to be configured to have drivers loaded, and to be 'UP' and RUNNING. Pcap can't open a NIC that's not running, which it looks like you have.....

(don't know BSD that well, but there must be some startup scripts for the NIC, on Linux it's /etc/sysconfig/network-scripts) make sure the NIC is set to "onboot=yes"

[root@pleiades root]# more /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
BROADCAST=x.x.x.x
IPADDR=x.x.x.x
NETMASK=x.x.x.x
NETWORK=x.x.x.x
ONBOOT=yes

Corey

>From: "Shaun T. Erickson" <ste@smxy.org>
>Reply-To: ste@smxy.org
>To: snort-users@lists.sourceforge.net
>Subject: [Snort-users] Can snort use an unconfigured interface?
>Date: Fri, 21 May 2004 14:26:11 -0400
>
>I thought that you can put an interface into promiscuous mode and grab
>packets off the wire without it being configured up. I'd swear I've done
>this in the past, but perhaps my memory fails me.
>
>I tried to have snort use a second, connected, but unconfigured, nic, to
>listen on, but I get:
>
>>Initializing Network Interface sis0
>>ERROR: OpenPcap() device sis0 open:
>> BIOCSETIF: sis0: Network is down
>>Fatal Error, Quitting..
>
>This is on FreeBSD 5.2.1.
>
> -ste
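
Added example, not part of the original thread: a pre-flight check a sensor start-up script could run before launching Snort, deciding from `ifconfig <if>` output whether the interface is UP and RUNNING (with or without an IP address). The function names are hypothetical and the sample output is constructed; only the `flags=NNNN<A,B,...>` output format is handled.

```shell
#!/bin/sh
# Added example: pre-flight check before starting Snort on a sensor interface.
# Reads `ifconfig <if>` output on stdin; function names are hypothetical.
# Handles the flags=NNNN<A,B,...> format (FreeBSD, current Linux net-tools).

# Constructed sample output, not captured from a real host.
SAMPLE_DOWN='sis0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        ether 00:00:5e:00:53:01
        media: Ethernet autoselect (100baseTX <full-duplex>)'
SAMPLE_UP='sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:00:5e:00:53:01
        media: Ethernet autoselect (100baseTX <full-duplex>)'

# Print the comma-separated flag list from the first flags= line.
iface_flags() {
    sed -n 's/.*flags=[0-9a-fA-F]*<\([^>]*\)>.*/\1/p' | head -n 1
}

# has_flag LIST NAME: match one whole flag name, never a substring.
has_flag() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print a verdict; return 0 only when pcap should be able to open the device.
sniff_ready() {
    out=$(cat)
    if ! printf '%s\n' "$out" | grep -q 'flags='; then
        echo "unknown: no flags line"; return 2
    fi
    flags=$(printf '%s\n' "$out" | iface_flags)
    if ! has_flag "$flags" UP; then
        echo "down: bring it up with 'ifconfig <if> up'"; return 1
    fi
    if ! has_flag "$flags" RUNNING; then
        echo "up, not running: check driver and link"; return 1
    fi
    if printf '%s\n' "$out" | grep -q '^[[:space:]]*inet '; then
        echo "ready, has an IPv4 address"
    else
        echo "ready, no IP address assigned"
    fi
}

# Demo run over the two constructed samples.
for s in "$SAMPLE_DOWN" "$SAMPLE_UP"; do
    printf '%s\n' "$s" | sniff_ready || true
done
```

On a live host, pipe the real output in, for example `ifconfig sis0 | sniff_ready`, and start Snort only when it returns 0.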