-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
It's a known bug on MBP's. For what it's worth, it happens to me on
my MBP too and I curse it mightily whenever I forget and start a
sniffer on the wireless interface by accident.
From the wireshark lists:
http://www.mail-archive.com/wireshark-users@wireshark.org/msg00803.html
Apple uses Snort internally, maybe I can lob a query in there and
they'll leap into action. (And maybe Steve Jobs will give me a
personal call to thank me. I can always dream....)
-Marty
On Aug 29, 2007, at 9:32 AM, Quantum Scientific wrote:
I've turned off promiscuous. Same problem. Gotta ditch Snort.
On 29 Aug, 2007, at 04:06, Dev Null wrote:
I have no idea :(. All I know is that passive sniffing and being
connected at the same time just do not work.
Kismet and company switch channels in order to scan, which
automatically drops you from whatever AP you were connected to on
the (now) old channel.
Not sure why just firing up snort would drop AP. I suspect the
driver sees the card is now in promiscuous mode and decides it
needs to reset the card / AP association.
Kinda weird. I do wifi sniffing w/ snort and kismet all the time.
Kismet drops AP as expected. Snort never does.
---------------------------------------------------------------------
----
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a
browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
----------------------------------------------------------------------
---
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a
browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iD8DBQFG1X/uqj0FAQQ3KOARAudVAJ0eEB1TOmpfI6KA7nvhvR1SLJ1MIQCbBHmo
R7IBYFlzZu63biNXcdGfsbQ=
=h9FT
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
