[Snort-users] snort newbie help
gpadilla at ...13098...
Mon Feb 28 08:31:34 EST 2005
I just recently installed snort on RH9.0 with apache-myslq-php-acid
etc.. The front end of the snort seems to be working fine.
The server that snort is installed on has 5 interfaces but 4 will be
used as taps. I'm having problems figuring out how to get snort to only
listen on just those 4 interfaces. If I set up my startup script to
iface=any it only starts looping localhost alerts. If I add iface=eth1
it looks like its seeing traffic on that interface. Right now I've only
plugged all interfaces onto a hub where my windows machine is also plug
to the the uplink port is connected to a switch which in turns goes out
to the cloud.
I want to see if I can see the traffic which is happening on my windows
All the interfaces do not have ip address except eth0.
Can anyone point me into the right derection?
More information about the Snort-users