[Snort-users] (no subject)
rhouston at ...6063...
Wed Jun 12 12:41:04 EDT 2002
I need some help with setting up snort as a NIDS.
I have version 1.8.3 installed on a RH 6.2 machine attached to 2 stacked
3com hubs. If I port scan the snort host I get lots of log messages
related to the port scan, I all so use typhon to scan the snort host with
a selection of exploits Scan and all seems fine. I have all messages
going to syslog.
Now here is the issue. If I scan a host other than the snort host, snort
does not log anything.
Here is the command I used to start snort.
/usr/sbin/snort -dev -h 10.1.1.0/24 -l /var/log/snort -d -D -i eth0 -c
Here is the out put of ifconfig:
eth0 Link encap:Ethernet HWaddr 00:60:97:AE:0C:05
inet addr:10.1.1.2 Bcast:10.1.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:19415209 errors:248 dropped:0 overruns:0 frame:248
TX packets:439766 errors:0 dropped:0 overruns:0 carrier:0
Interrupt:10 Base address:0x300
Any help would be greatly appreciated.
Thanks in advance
This email was sent using SquirrelMail.
"Webmail for nuts!"
More information about the Snort-users