Question on overall SNORT Config under Windows

["Glass, Keith" <Keith.Glass () serco-na com>]

Good morning. Attempting to stand up a Master-Slave IDS system running WinSnort with IIS and MySQL.

A generic architecture question: My SNORT master server/DB is configured with 4 interfaces: one currently used as the 
basic network connection (with a defined connection, IPV4 only), two NICs currently disabled (Intel I350s), and one 
currently disconnected from the network (set to DHCP)

Obviously, I'm going to have to keep the primary connection on the currently configured IP, etc. But other than 
enabling the other NICs and attaching them to SPAN ports on the appropriate VLANs on the switch, how do I configure the 
NICS in Windows so that SNORT can push them into sniffer/WinIDS mode ? Just enable and set to DHCP ? Haven't seen any 
guidance, on Snort.org or over on WinSnort, on basic box configuration. . .

Suggestions, guidance, et cetera would be greatly appreciated!!!

Keith A. Glass, CISSP CEH
Senior Design Engineer (Security)
SERCO-NA
11781 Lee Jackson Memorial Highway, Suite 700
Fairfax, Virginia, 22033
(V) 703-788-2982
(C) 540-539-8448
keith.glass () serco-na com<mailto:keith.glass () fairoaks serco-na com>

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead. 
Download for free and get started troubleshooting in minutes. 
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!