[kwlug-disc] Promiscuous mode

Brad Bierman bbierman42 at gmail.com
Tue Apr 13 23:42:51 EDT 2010


Here is the config file from my snort sensor.
auto lo
iface lo inet loopback

auto eth0 eth1
# The primary network interface
iface eth0 inet static
	address 5.0.0.2
	netmask	255.255.255.0
	gateway	5.0.0.1
# Setup the Snort interface
iface eth1 inet manual
	up ifconfig eth1 0.0.0.0 up
	up ip link set eth1 promisc on
	down ip link set eth1 promisc off
	down ifconfig eth1 down

This is an Ubuntu box, but it should be the same as Debian.  It is
important to make the promisc interface an IP address that is not
routable.  Add a second interface with an IP address so you can get
the machine.

Brad
P.S. Yes I know that I have used a Bogon IP for this example.

On Tue, Apr 13, 2010 at 10:22 PM, Lori Paniak
<ldpaniak at fourpisolutions.com> wrote:
> From /usr/share/doc/ifupdown/examples/network-interfaces on my Ubuntu
> box:
>
> In /etc/network/interfaces:
>
> auto eth0
> iface eth0 inet manual
>        up ifconfig $IFACE 0.0.0.0 up
>        up ip link set $IFACE promisc on
>        down ip link set $IFACE promisc off
>        down ifconfig $IFACE down
>
>
> On Tue, 2010-04-13 at 21:20 -0400, Paul Nijjar wrote:
>> I have been looking online for the quick solution to this but Skynet
>> is failing me.
>>
>> I am running Debian Lenny. I can put an interface into promiscuous
>> mode by typing
>>
>> ip link set eth0 promisc on
>>
>> What config file do I have to change (and how do I have to change it?)
>> so that the interface will come up in promiscuous mode on bootup?
>> (Yes, maybe this is a stupid idea. Assume that I want to do it
>> anyways, because I am a stupid person.)
>>
>> - Paul
>>
>>
>
>



-- 
http://www.google.com/profiles/bbierman42
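
Added example, not part of the original message: a shell check that a sniffing interface actually came up the way the eth1 stanza above intends (UP, PROMISC flag set, no IPv4 address). The function names and the sample `ip -o` output line are constructed for illustration; `check_iface` assumes iproute2 is installed.

```shell
#!/bin/sh
# Verify the runtime state of a sensor interface configured with
# "inet manual" + "ip link set IFACE promisc on" in /etc/network/interfaces.

# check_sniff_state LINK_LINE ADDR_LINES
#   LINK_LINE:  output of `ip -o link show dev IFACE`
#   ADDR_LINES: output of `ip -o -4 addr show dev IFACE` (empty if no IPv4)
# Returns 0 only when the interface is UP, PROMISC and has no IPv4 address.
check_sniff_state() {
    link_line=$1
    addr_lines=$2
    # The flags are the comma-separated list between < and > on the link line.
    flags=$(printf '%s\n' "$link_line" | sed -n 's/^[^<]*<\([^>]*\)>.*/\1/p')
    rc=0
    case ",$flags," in
        *,PROMISC,*) ;;
        *) echo "FAIL: PROMISC flag not set"; rc=1 ;;
    esac
    case ",$flags," in
        *,UP,*) ;;
        *) echo "FAIL: interface is not UP"; rc=1 ;;
    esac
    # A sniffing interface should not be addressable on the monitored network.
    if printf '%s\n' "$addr_lines" | grep -q ' inet '; then
        echo "FAIL: IPv4 address assigned to sniffing interface"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: promiscuous, up, no IPv4 address"
    return "$rc"
}

# check_iface IFACE: run the same check against the live system.
check_iface() {
    check_sniff_state "$(ip -o link show dev "$1")" \
                      "$(ip -o -4 addr show dev "$1")"
}

# Constructed sample of `ip -o link show dev eth1` on a sensor set up as above.
SAMPLE_LINK='3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000'
check_sniff_state "$SAMPLE_LINK" ""
```

On the sensor itself, run `check_iface eth1` after boot (for example from a monitoring script) so a capture interface that silently lost promiscuous mode is noticed.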



