[Snort-users] problem with 2 interfaces......pls help!!

Tinu Patel tinu.patel at ...4164...
Tue Nov 27 10:25:07 EST 2001


Hi folks....
 
I am pretty new to snort...so this may be a dumb question but here
goes...
 
I have a snort box that has 2 sensors running on 2 different nic's. 
One of the nic's is capturing data outside the firewall and is working 
perfectly fine.  The other nic is capturing data inside the firewall 
from a monitor port on an HP switch (where we forwarded all switch 
traffic to).  The internal sensor is only picking up UDP data... and a 
TON of it.  It doubled the database size and then some in one night 
just from garbage sensor reports.
 
Why is it not picking any TCP traffic?  Am I doing something wrong here?

 
My snort.conf has:
 
log tcp any any -> 10.10.0.0/20 any any 
 
Thanks
 
Tinu
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20011127/b5f6aae5/attachment.html>


More information about the Snort-users mailing list