Snort mailing list archives
Trouble Snorting with Multiple Interfaces
From: Travis Rodak <trodak () cmcflex com>
Date: Tue, 20 May 2003 16:03:30 -0600
I am having trouble seeing data on eth1 when eth0 has been started and runs at the same time.
snort -d -i eth0 -c.... snort -d -i eth1 -c....When I stop snort on eth0 then eth1 will pick up data on its network segment. If they are both running at the same time, eth0 is the only interface that records data. Any ideas?
----------------------------------------------------------------------------- Here is my ifconfig as well.....eth0 Link encap:Ethernet HWaddr 00:E0:81:52:01:03 inet addr:192.168.1.20 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:116249991 errors:0 dropped:0 overruns:0 frame:7
TX packets:1303454 errors:0 dropped:0 overruns:0 carrier:1
collisions:13133 txqueuelen:100
RX bytes:2944149069 (2807.7 Mb) TX bytes:340014799 (324.2 Mb)
Interrupt:11
eth1 Link encap:Ethernet HWaddr 00:E0:81:52:01:02
inet addr:10.1.1.200 Bcast:10.1.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7718745 errors:0 dropped:0 overruns:0 frame:0
TX packets:23 errors:0 dropped:0 overruns:4 carrier:0
collisions:0 txqueuelen:100
RX bytes:1163621613 (1109.7 Mb) TX bytes:1776 (1.7 Kb)
Interrupt:10 Base address:0x2000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:380 errors:0 dropped:0 overruns:0 frame:0
TX packets:380 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:28168 (27.5 Kb) TX bytes:28168 (27.5 Kb)
----------------------------------------------------------------------------
and route as well.......
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
10.1.0.0 * 255.255.0.0 U 0 0 0 eth1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
-----------------------------------------------------------------------------
Please advise...
--
Travis Rodak
Manager Web Presentation / Security
Computer Marketing Corporation
http://www.cmcflex.com
(All caveats, disclaimers, disclosures, labels, notices, and warnings commonly included in email messages are hereby
incorporated by reference as if set forth in full. Without limiting the generality of the foregoing, this email
represents only the personal opinion of the author, and only at the moment of writing. The author reserves the right to
express any other opinion at any time for any reason or no reason.)
-------------------------------------------------------
This SF.net email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painful, don't do it! Check out ObjectStore.
Now part of Progress Software. http://www.objectstore.net/sourceforge
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Trouble Snorting with Multiple Interfaces Travis Rodak (May 20)
- Re: Trouble Snorting with Multiple Interfaces David Alonso De La Vega Tapage (May 21)
- RE: Trouble Snorting with Multiple Interfaces Gordon Cunningham (May 22)