28 Feb
2002
28 Feb
'02
22:13
On Thursday 28 February 2002 15:41, Boris Lorenz wrote:
Yup,
snort has a command-line option -p, which disables promiscuous mode sniffing. Are you sure you haven't used this option, maybe accidentally?
Yep, I'm sure. I saw notices in var/log/messages that said the interface went into promiscuous mode, and I tested with tcpdump -i eth0. I've now tested on a machine that had a fresh install with no connection to the internet and it exhibits the same behaviour (which calmed my nerves somewhat :). All three machines had the 8139too driver, so right now I'm thinking it's a bug in that driver, that it never updates the proper fields in the control structure or something. //Anders