snort newbie help

["Guillermo Padilla" <gpadilla () cbct com>]

Hi,

I just recently installed snort on RH9.0 with apache-myslq-php-acid
etc.. The front end of the snort seems to be working fine. 

The server that snort is installed on has 5 interfaces but 4 will be
used as taps.  I'm having problems figuring out how to get snort to only
listen on just those 4 interfaces.  If I set up my startup script to
iface=any it only starts looping localhost alerts.  If I add iface=eth1
it looks like its seeing traffic on that interface.  Right now I've only
plugged all interfaces onto a hub where my windows machine is also plug
to the the uplink port is connected to a switch which in turns goes out
to the cloud.

I want to see if I can see the traffic which is happening on my windows
machine.

All the interfaces do not have ip address except eth0.  

Can anyone point me into the right derection?

Regards,

-Guillermo



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users