Snort mailing list archives

Re: Trouble Snorting with Multiple Interfaces

From: David Alonso De La Vega Tapage <delavegad () bancoaliado com>
Date: Wed, 21 May 2003 08:18:44 -0500

You can use any eth to manage your snort box .. ?

Travis Rodak wrote:

I am having trouble seeing data on eth1 when eth0 has been started andruns at the same time.
snort -d -i eth0 -c....
snort -d -i eth1 -c....
When I stop snort on eth0 then eth1 will pick up data on its networksegment. If they are both running at the same time, eth0 is the onlyinterface that records data. Any ideas?-----------------------------------------------------------------------------
Here is my ifconfig as well.....
eth0 Link encap:Ethernet HWaddr 00:E0:81:52:01:03 inetaddr:192.168.1.20 Bcast:192.168.1.255 Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:116249991 errors:0 dropped:0 overruns:0 frame:7
         TX packets:1303454 errors:0 dropped:0 overruns:0 carrier:1
         collisions:13133 txqueuelen:100
         RX bytes:2944149069 (2807.7 Mb)  TX bytes:340014799 (324.2 Mb)
         Interrupt:11
eth1 Link encap:Ethernet HWaddr 00:E0:81:52:01:02 inetaddr:10.1.1.200 Bcast:10.1.255.255 Mask:255.255.0.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:7718745 errors:0 dropped:0 overruns:0 frame:0
         TX packets:23 errors:0 dropped:0 overruns:4 carrier:0
         collisions:0 txqueuelen:100
         RX bytes:1163621613 (1109.7 Mb)  TX bytes:1776 (1.7 Kb)
         Interrupt:10 Base address:0x2000
lo Link encap:Local Loopback inet addr:127.0.0.1Mask:255.0.0.0
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:380 errors:0 dropped:0 overruns:0 frame:0
         TX packets:380 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:28168 (27.5 Kb)  TX bytes:28168 (27.5 Kb)
----------------------------------------------------------------------------
and route as well.......
192.168.1.0 * 255.255.255.0 U 0 00 eth010.1.0.0 * 255.255.0.0 U 0 00 eth1127.0.0.0 * 255.0.0.0 U 0 00 lodefault 192.168.1.1 0.0.0.0 UG 0 00 eth0
-----------------------------------------------------------------------------
Please advise...





-------------------------------------------------------
This SF.net email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painful, don't do it! Check out ObjectStore.
Now part of Progress Software. http://www.objectstore.net/sourceforge
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Trouble Snorting with Multiple Interfaces Travis Rodak (May 20)
- Re: Trouble Snorting with Multiple Interfaces David Alonso De La Vega Tapage (May 21)
- RE: Trouble Snorting with Multiple Interfaces Gordon Cunningham (May 22)