On Fri, Sep 14, 2001 at 10:16:23PM +0800, Federico Sevilla III wrote:
> I'm checking out snort, a network intrusion detection system. I noticed
> that when I start the snort daemon to listen on eth0 (my NIC connected to
> the Internet), the interface enters promiscuous mode. I know what
> promiscuous mode is, but I'm wondering what the impacts of the device's
> being on promiscuous mode will be.
Naturally, if you want to listen to traffic on your network (that isn't passing
through you, that is), you'll need to be in promiscuous mode. Don't know how that
works in your situation - might be fun to dump all the traffic and see where it's
coming from...
You can disable this with the -p option, as promiscuous interfaces turn up on
arpwatch. Ask gino - I've been going on and off promiscuous mode trying to find people
infected by Sircam...
--
Sacha Chua <[EMAIL PROTECTED]> 3 BS CS geek =)
Ateneo Cervini-Eliazo Networks (ACENT) tel: 63(2) 426-6001 loc 5925
BOFH excuse #16: somebody was calculating pi on the server
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
