Hello all,
I have setup snort inline using this method.

downloaded Libdnet, Barnyard2, and DAQ, and installed them.

./configure --enable-64bit-gcc --enable-inline-init-failopen --enable-sourcefire --with-daq-includes=/usr/local/include/dnet/ --with-daq-libraries=/usr/local/lib/

make ; make install

copied and setup snort.config, and rules etc... to /etc/snort/

/sbin/ifconfig eth1 promisc up
/sbin/ifconfig eth2 promisc up

service iptables off (for now)

snort --daq afpacket -i eth1:eth2 -Q -c /etc/snort/snort.conf

I'm using wire-shark on two servers, one behind the IPS, and one in front. I only see broadcast traffic from each host. For example, from host a, I will bing host b, and the other way, no reply. If host a pings the broadcast address, host b will see this, and the other way. Host b's dns request never makes it to host a (my DNS server). Not sure where to look, would this be a daq issue, or snort.conf issue?

Thanks in advance.

