Portscan on an unaddressed sniffing interface

Leonard Isham leonard.isham at gmail.com
Fri Nov 4 02:17:03 UTC 2005


On 11/3/05, Timothy A. Holmes <tholmes at mcaschool.net> wrote:
> Hi folks:
>
> I have an odd request -

Not odd, but not quite the, IMHO, the best way.

> I need to do some sort of scan on an unaddressed sniffing interface on a
> SNORT box to test the installation to see if it is all working right.  I
> have a port scanner on my UBUNTU laptop that I could use if I knew how
> to address the port.

You need to testy the ability of your IDS to monitor packets. 
Portscan a non-existant IP address on the same subnet as the
monitoring interface.  If your IDS detects it you are fine.  If not
you may need to re-engineer your network to capture the traffic.

Next try a real IP and confirm that you capture the traffic.

> The management interface on the box (it's a FC4 box) is 192.168.0.28 and
> that's eth1
>
> The unaddressed port is eth0 on the same box
>
> Any suggestions would be most welcome
>
> TIM
>
>
> Timothy A. Holmes
> IT Manager / Network Admin / Web Master / Computer Teacher
>
> Medina Christian Academy
> A Higher Standard...
>
> Jeremiah 33:3
> Jeremiah 29:11
> Esther 4:14
>
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>


--
Leonard Isham, CISSP
Ostendo non ostento.




More information about the fedora-list mailing list