Snort mailing list archives

(no subject)


From: "Richard Houston" <rhouston () rlhc net>
Date: Wed, 12 Jun 2002 13:27:03 +0500 (CDT)

Hello all,

I need some help with setting up snort as a NIDS.

I have version 1.8.3 installed on a RH 6.2 machine attached to 2 stacked
3Com hubs. If I port scan the snort host I get lots of log messages
related to the port scan. I also use Typhon to scan the snort host with
a selection of exploit scans, and all seems fine. I have all messages
going to syslog.

Now here is the issue. If I scan a host other than the snort host, snort
does not log anything.

Here is the command I used to start snort:

/usr/sbin/snort -dev -h 10.1.1.0/24 -l /var/log/snort -d -D -i eth0 -c /etc/snort/snort.conf

Here is the output of ifconfig:

eth0      Link encap:Ethernet  HWaddr 00:60:97:AE:0C:05
          inet addr:10.1.1.2  Bcast:10.1.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:19415209 errors:248 dropped:0 overruns:0 frame:248
          TX packets:439766 errors:0 dropped:0 overruns:0 carrier:0
          collisions:19226 txqueuelen:100
          Interrupt:10 Base address:0x300

Any help would be greatly appreciated.



--
Thanks in advance

Rich



