Snort mailing list archives

Snort not seeing all traffic?


From: "Patrick Jones" <p.jones.ml () xsb com>
Date: Wed, 23 Apr 2003 15:17:55 -0400

Snort 1.9.1
Red Hat 8.0
2 NICs
Eth0 10.x.x.x
Eth1 no address
Installed ACID

Topology:
Router - Hub - Switch - Firewall - Internal Network
          |                          |
          |                          |
        (Eth1)                       |
         IDS(eth0)------------------/


Synopsis:
I do not see all the alerts/listings scan/vulnerability attempts (even ones initiated by me)...for my network segment.
I know I am only seeing a fraction of the traffic that goes across "the hub".
I know this because I receive alerts from my firewall that scan attempts are occurring,
yet I see no correlation with data in Snort/ACID.

For example:
   1. 2003-04-23 11:31:57 system-alert-00016:  Port scan from 66.70.32.91/80 to x.x.x.x/4746 protocol TCP (untrust)
   2. 2003-04-23 11:31:57 system-alert-00016:  Port scan from 66.70.32.91/80 to x.x.x.x/4398 protocol TCP (untrust)

I do not see anything in ACID/Snort that shows this attempt at port scanning.


I am not sure where I am failing in this. I do see alerts when I go to ACID console, just not all that should be seen.
Is it rules I am not putting into effect?
I really appreciate any help...

~PJ
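An added example, not from the post or from Snort's own tooling, of the correlation the poster is attempting by hand: parse the firewall's port-scan alerts in the format shown above and a Snort "alert fast" style log, then list the firewall-seen scans for which Snort produced no alert from the same source within a time window. Those are the detection gaps worth checking the sniffing interface against. The Snort line format, the internal addresses and the second scan source in the sample are constructed, as is the `unmatched_firewall_alerts` helper.

```python
import re
from datetime import datetime, timedelta

# Firewall format copied from the post; the Snort line is a constructed
# "alert fast" style record: MM/DD-HH:MM:SS.usec [**] msg [**] {proto} src -> dst
FW_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+:\s+Port scan from "
    r"(?P<src>[\d.x]+)/\d+ to (?P<dst>[\d.x]+)/\d+ protocol (?P<proto>\w+)"
)
SNORT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2})\.\d+\s+\[\*\*\].*?\[\*\*\]"
    r".*?(?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)"
)

# Constructed sample data (internal hosts and the 192.0.2.44 scan are made up).
FW_LINES = [
    "2003-04-23 11:31:57 system-alert-00016:  Port scan from 66.70.32.91/80 to 10.1.1.5/4746 protocol TCP (untrust)",
    "2003-04-23 11:31:57 system-alert-00016:  Port scan from 66.70.32.91/80 to 10.1.1.5/4398 protocol TCP (untrust)",
    "2003-04-23 12:05:10 system-alert-00016:  Port scan from 192.0.2.44/1234 to 10.1.1.9/22 protocol TCP (untrust)",
]
SNORT_LINES = [
    "04/23-12:05:12.481200  [**] [1:1000001:1] CONSTRUCTED portscan [**] {TCP} 192.0.2.44:1234 -> 10.1.1.9:22",
]

def parse_firewall(lines):
    """Return (timestamp, source IP) for each firewall port-scan alert."""
    out = []
    for line in lines:
        m = FW_RE.match(line.strip())
        if m:
            out.append((datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["src"]))
    return out

def parse_snort(lines, year=2003):
    """Return (timestamp, source IP) for each Snort fast alert; fast alerts carry no year."""
    out = []
    for line in lines:
        m = SNORT_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
            out.append((ts, m["src"]))
    return out

def unmatched_firewall_alerts(fw_lines, snort_lines, window_s=60):
    """Firewall scan alerts with no Snort alert from the same source within +/- window_s."""
    snort = parse_snort(snort_lines)
    window = timedelta(seconds=window_s)
    missing = []
    for ts, src in parse_firewall(fw_lines):
        if not any(s == src and abs(t - ts) <= window for t, s in snort):
            missing.append((ts.strftime("%Y-%m-%d %H:%M:%S"), src))
    return missing

if __name__ == "__main__":
    for when, src in unmatched_firewall_alerts(FW_LINES, SNORT_LINES):
        print(f"{when}  scan from {src} seen by firewall, not by Snort")
```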



