Snort mailing list archives

Making sense of "snort -W" output


From: "Moshe Aelion" <ma0934 () hotmail com>
Date: Sun, 17 Nov 2002 22:25:16 +0200

Hi everybody

I would welcome some help: we have a NAT/ICMP ADSL gateway computer. It has two network interface cards, one for the 
internal LAN, and one for the ethernet link to the ADSL modem. There are three networks defined at TCP/IP level: the 
internal LAN (192.168.x.x), where the actual computers are positioned; another internal LAN (10.0.0.x), on which the 
ADSL modem has an address - 10.0.0.x; and the Internet link (which obtains an external IP address dynamically upon 
connection, from the ISP using DHCP - that's the address seen by "the outside world").

Since there are two interface cards, I thought "snort -W" would output two entries. Instead, there are nine! Why is that?
Can you suggest which ones are significant for the -i option? What's the meaning of "NdisWanNbfIn/Out"?

Thanks in advance

Moshe

Here is the "snort -W" output:


Interface Device  Description
-------------------------------------------
1  \Device\Packet_{54B6A635-7753-44DD-9977-B4137EBA5A52} (3Com EtherLink PCI)
2 \Device\Packet_NdisWanIp (NdisWan Adapter)
3 \Device\Packet_NdisWanNbfOut{B5BA17D7-51EE-4B78-9E77-7B4CD2290205} (NdisWan Adapter)
4 \Device\Packet_NdisWanNbfIn{75E313C0-196A-48AD-B9E7-B72E44EAA0EB} (NdisWan Adapter)
5 \Device\Packet_NdisWanNbfIn{3BD08A8F-C44A-4364-B9A5-38E60E86FC1C} (NdisWan Adapter)
6 \Device\Packet_NdisWanNbfIn{A6B7853E-8766-419C-89C7-C6A5AAEA0956} (NdisWan Adapter)
7 \Device\Packet_NdisWanNbfOut{718B4E5C-2065-43E1-BBA9-26979539C0DB} (NdisWan Adapter)
8 \Device\Packet_NdisWanNbfOut{DCBA58B7-B33C-4ED3-B81F-D64A73A203D9} (NdisWan Adapter)
9 \Device\Packet_{17D59C5C-F6AD-4936-9A52-1C622D441FC4} (3Com EtherLink PCI)

