Configuring network interface to listen only

[Bill Bogstad]

On Wed, Aug 18, 2010 at 2:16 PM, Chris O'Connell <omegahalo-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> Hi Everyone,
>
> I'm in the midst of migrating my SNORT installation over to a new server.  I
> have a second NIC in the server that I'm going to plug into a port on my
> switch which is mirrored to the uplink.  I need to configure this interface
> to listen only, which means it gets no IP address.
>
> I've configured this once before but kind of fumbled my way through it.  Can
> anyone tell me what I need to do to configure an ethernet port to listen
> only?

>From the ifconfig manual page:

up     This  flag  causes the interface to be activated.  It is implic‐
              itly specified if an address is assigned to the interface.

I'm pretty sure that if you don't give an address, but do give "up"
that it will do what you want.  Not sure how to modify system config
files to make it happen automatically.

You might also look into creating a "receive-only" UTP cable.  I'm not
sure how possible this is with gigabit/full-duplex switches, but here
is a link to at least get you started:

http://www.dgonzalez.net/pub/roc/node3.html

Good Luck,
Bill Bogstad