Hey all:
OBSD3.7
SNORT2.3.3
I have a machine with 4 nics running 4 instances of snort:
/usr/local/bin/snort -u sguil -g sguil -l /nsm/em0 -c
/etc/snort/em0.snort.conf -U -A none -m 122 -i em0 -D
/usr/local/bin/snort -u sguil -g sguil -l /nsm/em1 -c
/etc/snort/em1.snort.conf -U -A none -m 122 -i em1 -D
/usr/local/bin/snort -u sguil -g sguil -l /nsm/em2 -c
/etc/snort/em2.snort.conf -U -A none -m 122 -i em2 -D
/usr/local/bin/snort -u sguil -g sguil -l /nsm/em3 -c
/etc/snort/em3.snort.conf -U -A none -m 122 -i em3 -D
One of the 4 nics has an ip address, the others do not.
When I start up the 4 instances of snort, the nic (em0) with the ip
address shows up in promiscuous mode, the others do not.
# ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
address: 00:04:23:bd:ab:d6
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 10.1.1.3 netmask 0xffffff00 broadcast 10.1.1.255
inet6 fe80::204:23ff:febd:abd6%em0 prefixlen 64 scopeid 0x1
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
address: 00:04:23:bd:ab:d7
media: Ethernet autoselect (1000baseT full-duplex)
status: active
em2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
address: 00:14:22:0f:84:2b
media: Ethernet autoselect (1000baseT full-duplex)
status: active
em3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
address: 00:14:22:0f:84:2c
media: Ethernet autoselect (100baseTX full-duplex)
status: active
pflog0: flags=0<> mtu 33224
pfsync0: flags=0<> mtu 2020
enc0: flags=0<> mtu 1536
#
How do I get the other 3 ip-less nics to run in promiscuous mode in
OBSD?
Any help would be appreciated.
Sean
