Snort mailing list archives

Re: Help with config

From: <peter () schawacker com>
Date: Sun, 28 Dec 2003 10:37:20 -0800

My guess is that you're using a switch instead of a hub.  What's the
make/model?

Peter

Peter Schawacker, CISSP
43300 Warner Trail
Palm Desert, CA 92211
Office: 760-200-4258
Mobile: 760-880-4258
peter () schawacker com

----- Original Message ----- 
From: "Michael Thompson" <mike () thompsonmike co uk>
To: <snort-users () lists sourceforge net>
Sent: Sunday, December 28, 2003 12:19 AM
Subject: [Snort-users] Help with config

Hi Snort-users,



  I have had to resort to using a hub between the ADSL Modem and
  router. So my network looks like this now:

  Modem

  Hub
  (Snort Listening here)

  Router / Firewall

  Remainder of network

  With this setup, snort seems unable to log anything at all. I have
  been to several scanner sites and nothing is logged. What should I
  set the HOME_NET variable to in this config? (Is it my global IP??) Is

there any other

  settings I need to change? The interface snort is plugged into on
  the machine is eth1, which is activated on bootup, and snort states
  it is listening there in promiscuios mode. It does not have a IP
  associated with it, the RedHat config tool states this interface is
  inactive, but I assume that this is as far as Gnome is concerd, and
  it is active as far as snort is concerd. Am I right?

  I realise that there is no local IP's in this config, as snort is
  listening before the NAT translation takes place, but at least I
  will have some idea of what is hitting the firewall.


-- 

Best regards,
 Michael (mike () thompsonmike co uk)

This is only a test.

http://www.thompsonmike.co.uk/
PGP KeyID := 0xA9547E32

'To see a world in a grain of sand
And heaven in a wild flower
To hold infinity in the palm of your hand
And eternity in an hour'

Using TheBat! Version 2.02.3 CE
Running On Windows XP (2600, Service Pack 1)
Sent From OneAndOne



-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Help with config Michael Thompson (Dec 28)
- Re: Help with config Rich Adamson (Dec 28)
- Re: Help with config peter (Dec 28)