[Snort-users] capturing on the wrong nic

Joel Esler jesler at ...1935...
Mon Oct 18 20:48:18 EDT 2010


You can specify the interface that Snort is listening on by using the -i command line tag.

Like snort -i eth0 or snort -i eth1.

Joel

On Oct 18, 2010, at 8:41 PM, Chris Copeland wrote:

> Yep, total newbie here, but I have managed to do the following:
> install LAMP, install snort, configure 2 eth devices, install base,
> and capture traffic. The only problem is that it is traffic on the
> management nic, not the nic I have plugged into my hub (the one I
> want sniffing).
> 
> topology:
> cable modem
> -> hub -> snortTest
> -> hub -> firewall/wireless router -> home network devices
> 
> I know this has to be a setting in the conf file, at least I think it does.
> 
> My internal IP: 10.0.1.15
> from the snort.conf:
> var HOME_NET 10.0.1.0/24
> var EXTERNAL_NET any
> 
> eth0 - management nic
> eth1 - sniffer nic
> 
> What am I doing wrong?
> 
> Thanks in advance!!!

--
Joel Esler
302-223-5974




