public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] A nic with no IP
From: Timothy A. Holmes @ 2006-10-06 15:05 UTC
  To: gentoo-user

Hi folks:

I am working on my snort sensor box which runs gentoo.  The setup that I
am going to do requires me to have one nic (an intel Pro1000) with no ip
on it (it is currently eth0 as the machine is currently set up).  I know
how to set up the nic in the /etc/conf.d/net file but making it have no
ip is a little different.  Snort will put the nic in promiscuous mode to
capture packets.

Thanks 

TIM


Timothy A. Holmes
IT Manager / Network Admin / Web Master / Computer Teacher
 
Medina Christian Academy
A Higher Standard...
 
Jeremiah 33:3
Jeremiah 29:11
Esther 4:14


-- 
gentoo-user@gentoo.org mailing list




* Re: [gentoo-user] A nic with no IP
From: Arturo 'Buanzo' Busleiman @ 2006-10-06 15:27 UTC
  To: gentoo-user


Timothy A. Holmes wrote:
> I am working on my snort sensor box which runs gentoo.  The setup that I
> am going to do requires me to have one nic (an intel Pro1000) with no ip
> on it (it is currently eth0 as the machine is currently set up).  I know
> how to set up the nic in the /etc/conf.d/net file but making it have no
> ip is a little different.  Snort will put the nic in promiscuous mode to
> capture packets

From /etc/conf.d/net.example:

# If you don't want ANY address (only useful when calling for advanced stuff)
#config_eth0=( "null" )

Then add the interface in the runlevel, as usual.
--
Arturo "Buanzo" Busleiman - Independent Information Security Consultant
"Do you know about the dangers of DRM? Find out at http://www.defectivebydesign.org/what_is_drm"

http://www.buanzo.com.ar | http://www.vivamoslavida.com.ar : Non-commercial portal for good living!
for f in www blog linux-consulting vpnmail; do firefox http://$f.buanzo.com.ar ; done

* RE: [gentoo-user] A nic with no IP
From: Timothy A. Holmes @ 2006-10-06 15:40 UTC
  To: gentoo-user

> > I am working on my snort sensor box which runs gentoo.  The setup that
> > I am going to do requires me to have one nic (an intel Pro1000) with
> > no ip on it (it is currently eth0 as the machine is currently set up).
> > I know how to set up the nic in the /etc/conf.d/net file but making it
> > have no ip is a little different.  Snort will put the nic in
> > promiscuous mode to capture packets
>
> From /etc/conf.d/net.example:
>
> # If you don't want ANY address (only useful when calling for advanced stuff)
> #config_eth0=( "null" )
>
> Then add the interface in the runlevel, as usual.
> - --
> Arturo "Buanzo" Busleiman - Consultor Independiente en 


 Arturo -- thanks -- :)

Timothy A. Holmes

* [gentoo-user]  Re: A nic with no IP
From: James @ 2006-10-06 20:02 UTC
  To: gentoo-user

Timothy A. Holmes <tholmes <at> mcaschool.net> writes:


> I am working on my snort sensor box which runs gentoo.  The setup that I
> am going to do requires me to have one nic (an intel Pro1000) with no ip
> on it (it is currently eth0 as the machine is currently set up).  I know
> how to set up the nic in the /etc/conf.d/net file but making it have no
> ip is a little different.  Snort will put the nic in promiscuous mode to
> capture packets


Piece of cake, for a stealth sniffer. It allows you to sniff the
local ethernet traffic, yet the system is undetectable. You will
not be able to modulate data out of this port, just receive data
in promiscuous mode, into the eth0 port.

for example
ifconfig eth0 inet 0.0.0.0

Works like a charm with wireshark(ethereal). If you need to ssh out
of the same machine, just install a second ethernet card
and set it up normally. I put this sniffer on my outbound(cable)
port to sniff the outside of the firewall all the time. Works
like a charm! If you want to make it permanent, just
put the settings in /etc/conf.d/net

Also, if you have multiple ethernet ports in the machine,
you may need to tweak the routing tables (netstat -nr).


hth,

James
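
Added example, not part of the original thread: a shell check a sensor operator could run to confirm the capture interface really has no address bound. It goes beyond the IPv4-only commands above by also flagging the IPv6 link-local address that Linux assigns automatically when an interface with IPv6 enabled comes up. Assumptions: iproute2's `ip -o addr show` output format, the function names, and the constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread): audit a capture interface for
# bound addresses. Input is `ip -o addr show` text on stdin, so it runs
# on saved output as well as live. All sample data below is constructed.

# Print "family address/prefix" for each address bound to interface $1.
list_addrs() {
    awk -v ifc="$1" \
        '$2 == ifc && ($3 == "inet" || $3 == "inet6") { print $3, $4 }'
}

# Exit status 0 when interface $1 has no address at all, 1 otherwise.
audit_sensor_iface() {
    found=$(list_addrs "$1")
    if [ -z "$found" ]; then
        echo "OK: $1 has no IPv4 or IPv6 address"
        return 0
    fi
    echo "$found" | while read -r family addr; do
        echo "FAIL: $1 still has $family $addr"
    done
    return 1
}

# Constructed sample: eth0 configured normally.
SAMPLE_CONFIGURED='2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::211:22ff:fe33:4455/64 scope link \       valid_lft forever preferred_lft forever'

# Constructed sample: IPv4 address cleared, but the automatic IPv6
# link-local address is still bound to eth0.
SAMPLE_V4_CLEARED='2: eth0    inet6 fe80::211:22ff:fe33:4455/64 scope link \       valid_lft forever preferred_lft forever'

# Constructed sample: eth0 has nothing bound, so only lo is listed.
SAMPLE_CLEAN='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever'

for sample in "$SAMPLE_CONFIGURED" "$SAMPLE_V4_CLEARED" "$SAMPLE_CLEAN"; do
    printf '%s\n' "$sample" | audit_sensor_iface eth0 || true
done

# Live use (assumes iproute2 is installed):
#   ip -o addr show | audit_sensor_iface eth0
```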

