Portscan on an unaddressed sniffing interface
Leonard Isham
leonard.isham at gmail.com
Fri Nov 4 02:17:03 UTC 2005
On 11/3/05, Timothy A. Holmes <tholmes at mcaschool.net> wrote:
> Hi folks:
>
> I have an odd request -
Not odd, but not quite the, IMHO, the best way.
> I need to do some sort of scan on an unaddressed sniffing interface on a
> SNORT box to test the installation to see if it is all working right. I
> have a port scanner on my UBUNTU laptop that I could use if I knew how
> to address the port.
You need to testy the ability of your IDS to monitor packets.
Portscan a non-existant IP address on the same subnet as the
monitoring interface. If your IDS detects it you are fine. If not
you may need to re-engineer your network to capture the traffic.
Next try a real IP and confirm that you capture the traffic.
> The management interface on the box (it's a FC4 box) is 192.168.0.28 and
> that's eth1
>
> The unaddressed port is eth0 on the same box
>
> Any suggestions would be most welcome
>
> TIM
>
>
> Timothy A. Holmes
> IT Manager / Network Admin / Web Master / Computer Teacher
>
> Medina Christian Academy
> A Higher Standard...
>
> Jeremiah 33:3
> Jeremiah 29:11
> Esther 4:14
>
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>
--
Leonard Isham, CISSP
Ostendo non ostento.
More information about the fedora-list
mailing list