Timothy A. Holmes <tholmes <at> mcaschool.net> writes:

> I am working on my snort sensor box which runs gentoo.  The setup that I
> am going to do requires me to have one nic (an intel Pro1000) with no ip
> on it (it is currently eth0 as the machine is currently set up).  I know
> how to set up the nic in the /etc/conf.d/net file but making it have no
> ip is a little different.  Snort will put the nic in promiscuous mode to
> capture packets


Piece of cake, for a stealth sniffer. It allows you to sniff the
local ethernet traffic, yet the system is undetectable. You will
not be able to modulate data out of this port, just receive data
in promiscuous mode, into the eth0 port.

For example:
ifconfig eth0 inet 0.0.0.0

Works like a charm with wireshark (ethereal). If you need to ssh out
of the same machine, just install a second ethernet card
and set it up normally. I put this sniffer on my outbound (cable)
port to sniff the outside of the firewall all the time. Works
like a charm! If you want to make it permanent, just
put the settings in /etc/conf.d/net

Also, if you have multiple ethernet ports in the machine,
you may need to tweak the routing tables (netstat -nr).


hth,

James


-- 
gentoo-user@gentoo.org mailing list
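
One way to confirm that the capture port really carries no address, added here as an example that is not part of the original post: the shell functions below (hypothetical names) parse `ip -o addr show` and `ip -o link show` output and flag any IPv4 or IPv6 address on the interface. The sample output is constructed, and the IPv6 check goes beyond the post: a kernel with IPv6 enabled assigns a link-local address when the interface comes up, even after the IPv4 address is set to 0.0.0.0.

```shell
#!/bin/sh
# Added example: audit a receive-only capture port from `ip -o` output.
# All sample data below is constructed; function names are hypothetical.

# Constructed `ip -o addr show` output: eth0 has no IPv4 address but still
# carries an auto-configured IPv6 link-local one; eth1 is the normal NIC.
SAMPLE_ADDR='2: eth0    inet6 fe80::211:22ff:fe33:4455/64 scope link \       valid_lft forever preferred_lft forever
3: eth1    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth1\       valid_lft forever preferred_lft forever'

# Constructed `ip -o link show` output.
SAMPLE_LINK='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP\    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP\    link/ether 00:11:22:33:44:66 brd ff:ff:ff:ff:ff:ff'

# list_addrs IFACE ADDR_OUTPUT: print "family address" for each address.
list_addrs() {
    printf '%s\n' "$2" | awk -v ifc="$1" \
        '$2 == ifc && ($3 == "inet" || $3 == "inet6") { print $3, $4 }'
}

# is_up IFACE LINK_OUTPUT: succeed when the flag list contains UP.
is_up() {
    printf '%s\n' "$2" | awk -v ifc="$1:" '
        $2 == ifc { n = split($3, f, /[<>,]/)
                    for (i = 1; i <= n; i++) if (f[i] == "UP") ok = 1 }
        END { exit !ok }'
}

# audit_sniffer IFACE ADDR_OUTPUT LINK_OUTPUT
# Prints findings; returns 0 only if the port is up and has no address.
audit_sniffer() {
    rc=0
    addrs=$(list_addrs "$1" "$2")
    if [ -n "$addrs" ]; then
        printf '%s\n' "$addrs" | sed "s|^|FAIL $1 still has address: |"
        rc=1
    fi
    if ! is_up "$1" "$3"; then
        echo "FAIL $1 is not UP, so nothing will be captured"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK $1 is up with no IPv4/IPv6 address"; fi
    return "$rc"
}

# Demo on the constructed sample; on a live box pass "$(ip -o addr show)"
# and "$(ip -o link show)" instead.
audit_sniffer eth0 "$SAMPLE_ADDR" "$SAMPLE_LINK" || true
```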
