[Snort-users] Trouble Snorting with Multiple Interfaces

Travis Rodak trodak at ...9233...
Tue May 20 15:04:12 EDT 2003


I am having trouble seeing data on eth1 when eth0 has been started and 
runs at the same time.
snort -d -i eth0 -c....
snort -d -i eth1 -c....
When I stop snort on eth0 then eth1 will pick up data on its network 
segment.  If they are both running at the same time, eth0 is the only 
interface that records data.  Any ideas?
-----------------------------------------------------------------------------
Here is my ifconfig as well.....

eth0      Link encap:Ethernet  HWaddr 00:E0:81:52:01:03 
          inet addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:116249991 errors:0 dropped:0 overruns:0 frame:7
          TX packets:1303454 errors:0 dropped:0 overruns:0 carrier:1
          collisions:13133 txqueuelen:100
          RX bytes:2944149069 (2807.7 Mb)  TX bytes:340014799 (324.2 Mb)
          Interrupt:11

eth1      Link encap:Ethernet  HWaddr 00:E0:81:52:01:02 
          inet addr:10.1.1.200  Bcast:10.1.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7718745 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23 errors:0 dropped:0 overruns:4 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1163621613 (1109.7 Mb)  TX bytes:1776 (1.7 Kb)
          Interrupt:10 Base address:0x2000

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:380 errors:0 dropped:0 overruns:0 frame:0
          TX packets:380 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:28168 (27.5 Kb)  TX bytes:28168 (27.5 Kb)
----------------------------------------------------------------------------
and route as well.......

192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
10.1.0.0        *               255.255.0.0     U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

-----------------------------------------------------------------------------

Please advise...

-- 
Travis Rodak
Manager Web Presentation / Security
Computer Marketing Corporation
http://www.cmcflex.com



(All caveats, disclaimers, disclosures, labels, notices, and warnings commonly included in email messages are hereby incorporated by reference as if set forth in full. Without limiting the generality of the foregoing, this email represents only the personal opinion of the author, and only at the moment of writing. The author reserves the right to express any other opinion at any time for any reason or no reason.)






More information about the Snort-users mailing list