logo
bgImage
http://www.winsnort.com


Welcome to the home of WinIDS - Windows Intrusion Detection System!
header

Thank you for visiting WINSNORT.com

FAQ  •  Search  •  Register  •  Log in to check your private messages
Log in

Snort doesn't see new NIC
WINSNORT.com Forum Index » WinIDS - Windows XP / 2003 / 7 / 2008 / 2012 » WinIDS - Apache Web Server with MySQL Database Support
Post new topic   Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
Author Message
TroubleOffline
Post subject: Snort doesn't see new NIC  PostPosted: Mar 16, 2007 - 11:40 AM



Joined: Mar 16, 2007

Posts: 1

Status: Offline
Did a clean install of Windows 2000 on a new Dell PC with a single onboard (Broadcom) NIC. Followed installation procedure for Snort, BASE, MySQL and Apache and everything worked fine.

After further study on how I was going to deploy the NIDS, I built a passive ethernet tap (as found at http://www.snort.org/docs/tap/) and placed it between the firewall and the switch on the firewall's trusted interface. I then added a dual port Intel NIC to the snort box (giving it a total of 3 ethernet ports) and connected the two ports on the dual port NIC to the two ports on the tap and the Broadcom NIC to a regular switch port. My thinking being that snort could monitor both incoming and outgoing traffic on the dual port NIC and I could access the box remotely through the Broadcom.

Following all of this, I did a command line 'snort -W' and snort only sees the Broadcom NIC. How do I get it to see the other two ports I want it to monitor on?

Is this going to work? I've looked around the site and I've seen some suggestion that each instance of snort can only monitor a single NIC.

Thanks for any assistance you can provide.

Don DeVore
 
 View user's profile Send private message  
Reply with quote Back to top
MorpheusOffline
Post subject: RE: Snort doesn  PostPosted: Mar 17, 2007 - 05:53 AM
Site Admin


Joined: Sep 04, 2003
East Coast - USA
Posts: 1460
Location: East Coast - USA
Status: Offline
Snort is only capable of monitoring on a single interface. You can run a second or third instance of snort for additional NIC's.

I'm not sure as to why the -W switch is not seeing all your NIC's but drivers or legacy cards are the usual problem.

_________________
Best regards,
Morpheus...

WINSNORT.com Management
 
 View user's profile Send private message Visit poster's website MSN Messenger  
Reply with quote Back to top
Display posts from previous:     
Jump to:  
All times are GMT -5 Hours
Post new topic   Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
 WINSNORT.com Forum Index » WinIDS - Windows XP / 2003 / 7 / 2008 / 2012 »  WinIDS - Apache Web Server with MySQL Database Support

Powered by PNphpBB2 © 2003-2009. The PNphpBB2 Team
www.eventloganalyzer.com