-
March 6th, 2005, 03:28 AM
#1
Snort question - using with no IP
Ok got a basic networking/Snort newb question here...I'm new to Snort and know just basic Linux networking....
I have Snort running on RedHat Linux Fedora Core 3. I want to monitor traffic (attacks) on my home Internet connection: the connection is cable modem and I only get 1 IP. I want to be able to continue having an Internet connection so my firewall needs to stay hooked up to the cable modem and have an IP -- hence the only allowed 1 IP statement. I have placed a hub in between my cable modem and firewall (of course) and have plugged the Snort box up to that hub as well (so it's outside of my firewall).
When I try to start Snort without an IP on the interface -- just brought up interface but doesnt have anything assigned to it -- Snort doesnt start. When I assign an IP of 0.0.0.0 I see traffic (TCPDUMP) but it's just a bunch of ARPs from various IPs with a DHCP request thrown in.
My question is: how can I set Snort up to monitor this activity without giving it an IP?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|