[Snort-users] problem with 2 interfaces......pls help!!

Tinu Patel tinu.patel at ...4164...
Tue Nov 27 10:25:07 EST 2001

Hi folks....
I am pretty new to snort...so this may be a dumb question but here
I have a snort box that has 2 sensors running on 2 different nic's. 
One of the nic's is capturing data outside the firewall and is working 
perfectly fine.  The other nic is capturing data inside the firewall 
from a monitor port on an HP switch (where we forwarded all switch 
traffic to).  The internal sensor is only picking up UDP data... and a 
TON of it.  It doubled the database size and then some in one night 
just from garbage sensor reports.
Why is it not picking any TCP traffic?  Am I doing something wrong here?

My snort.conf has:
log tcp any any -> any any 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20011127/b5f6aae5/attachment.html>

More information about the Snort-users mailing list