running argus on linux with 'unnumbered' interface
Russell Fulton
r.fulton at auckland.ac.nz
Mon May 7 01:11:14 EDT 2001
Hi,
I am experimenting with setting up a passive monitoring
interface using linux (debian potato if it matters). I have set up
ipchain rules so no traffic can pass in or out the interface (this does
not appear to affect libpcap captures btw) and was wondering if there
is any way of starting argus on an interface that does not have an IP
address configured.

hihi:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:06:29:AF:00:A8
          inet addr:130.216.1.228  Bcast:130.216.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:182 errors:0 dropped:0 overruns:0 frame:0
          TX packets:56 errors:0 dropped:0 overruns:0 carrier:0
          collisions:23 txqueuelen:100
          Interrupt:11 Base address:0xec00

eth1      Link encap:Ethernet  HWaddr 00:10:C6:07:03:78
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:12 Base address:0xe400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

hihi:~# ~argus/bin/argus_linux -i eth1
argus_linux[284]: ArgusInitSource: SIOCGIFADDR: eth1: Cannot assign requested address

I seem to have been able to start netramet (which also uses libpcap) in
an interface with no IP, however I have not tested this extensively.
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand