[Snort-users] Trouble Snorting with Multiple Interfaces

David Alonso De La Vega Tapage delavegad at ...7768...
Wed May 21 06:11:04 EDT 2003


You can use any eth to manage your snort box .. ?

Travis Rodak wrote:

> I am having trouble seeing data on eth1 when eth0 has been started and 
> runs at the same time.
> snort -d -i eth0 -c....
> snort -d -i eth1 -c....
> When I stop snort on eth0 then eth1 will pick up data on its network 
> segment.  If they are both running at the same time, eth0 is the only 
> interface that records data.  Any ideas?
> ----------------------------------------------------------------------------- 
>
> Here is my ifconfig as well.....
>
> eth0      Link encap:Ethernet  HWaddr 00:E0:81:52:01:03          inet 
> addr:192.168.1.20  Bcast:192.168.1.255  Mask:255.255.255.0
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          RX packets:116249991 errors:0 dropped:0 overruns:0 frame:7
>          TX packets:1303454 errors:0 dropped:0 overruns:0 carrier:1
>          collisions:13133 txqueuelen:100
>          RX bytes:2944149069 (2807.7 Mb)  TX bytes:340014799 (324.2 Mb)
>          Interrupt:11
>
> eth1      Link encap:Ethernet  HWaddr 00:E0:81:52:01:02          inet 
> addr:10.1.1.200  Bcast:10.1.255.255  Mask:255.255.0.0
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          RX packets:7718745 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:23 errors:0 dropped:0 overruns:4 carrier:0
>          collisions:0 txqueuelen:100
>          RX bytes:1163621613 (1109.7 Mb)  TX bytes:1776 (1.7 Kb)
>          Interrupt:10 Base address:0x2000
>
> lo        Link encap:Local Loopback          inet addr:127.0.0.1  
> Mask:255.0.0.0
>          UP LOOPBACK RUNNING  MTU:16436  Metric:1
>          RX packets:380 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:380 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:0
>          RX bytes:28168 (27.5 Kb)  TX bytes:28168 (27.5 Kb)
> ---------------------------------------------------------------------------- 
>
> and route as well.......
>
> 192.168.1.0     *               255.255.255.0   U     0      0        
> 0 eth0
> 10.1.0.0        *               255.255.0.0     U     0      0        
> 0 eth1
> 127.0.0.0       *               255.0.0.0       U     0      0        
> 0 lo
> default         192.168.1.1     0.0.0.0         UG    0      0        
> 0 eth0
>
> ----------------------------------------------------------------------------- 
>
>
> Please advise...
>






More information about the Snort-users mailing list