[Snort-users] Help with config

Michael Thompson mike at ...10501...
Sun Dec 28 01:20:01 EST 2003

Hi Snort-users,

  I have had to resort to using a hub between the ADSL Modem and
  router. So my network looks like this now:


  (Snort Listening here)
  Router / Firewall

  Remainder of network

  With this setup, snort seems unable to log anything at all. I have
  been to several scanner sites and nothing is logged. What should I
  set the HOME_NET variable to in this config? (Is it my global IP??) Is there any other
  settings I need to change? The interface snort is plugged into on
  the machine is eth1, which is activated on bootup, and snort states
  it is listening there in promiscuios mode. It does not have a IP
  associated with it, the RedHat config tool states this interface is
  inactive, but I assume that this is as far as Gnome is concerd, and
  it is active as far as snort is concerd. Am I right?

  I realise that there is no local IP's in this config, as snort is
  listening before the NAT translation takes place, but at least I
  will have some idea of what is hitting the firewall.


Best regards,
 Michael (mike at ...10501...)
This is only a test. 

PGP KeyID := 0xA9547E32

'To see a world in a grain of sand
And heaven in a wild flower
To hold infinity in the palm of your hand
And eternity in an hour'

Using TheBat! Version 2.02.3 CE
Running On Windows XP (2600, Service Pack 1)
Sent From OneAndOne

More information about the Snort-users mailing list