Richard Houston
Wed Jun 12 12:41:04 EDT 2002

Hello all,

I need some help with setting up snort as a NIDS.

I have version 1.8.3 installed on a RH 6.2 machine attached to 2 stacked
3com hubs. If I port scan the snort host I get lots of log messages
related to the port scan. I also use typhon to scan the snort host with
a selection of exploit scans, and all seems fine. I have all messages
going to syslog.
Now here is the issue. If I scan a host other than the snort host, snort
does not log anything.
Here is the command I used to start snort.
/usr/sbin/snort -dev -h -l /var/log/snort -d -D -i eth0 -c
Here is the output of ifconfig:
eth0      Link encap:Ethernet  HWaddr 00:60:97:AE:0C:05
          inet addr:  Bcast:  Mask:
          RX packets:19415209 errors:248 dropped:0 overruns:0 frame:248
          TX packets:439766 errors:0 dropped:0 overruns:0 carrier:0
          collisions:19226 txqueuelen:100
          Interrupt:10 Base address:0x300

Any help would be greatly appreciated.

Thanks in advance


