network-programming snort intrusion-detection

Snort only alerting about IP it's running on


I'm trying to set up a Snort IDS from my machine (openSUSE 13.1) to monitor the entire network. When I run Snort I am sniffing all the packets and monitoring all computers on the network, but I am only getting alerts for my machine. I want the alert file to alert me about ALL IPs. I also tried including specific IP addresses in HOME_NET and it would still only alert me about my openSUSE machine.

My snort.conf: HOME_NET 192.168.1.0/24

EXTERNAL_NET !$HOME_NET

output alert_fast: /var/log/snort/fast_alert.txt

I am using pulledpork for my one snort.rules file.

I run snort as so: snort -d -c /etc/snort/snort.conf -vv

Also, it might be important information that I do not have eth0 as a network device option.

How can I make Snort alert me for all machines/IPs on the network?


Solution

  • Solution was port mirroring. I was only able to get traffic from my own switch. By using a network switch and port mirroring other IPs to my switch, I am now able to alert on those IPs' traffic!
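
A way to confirm the symptom and the fix from the sensor side, as an added example that is not part of the original post: it parses `alert_fast` lines and reports whether any HOME_NET host other than the sensor ever appears in an alert. The sensor address 192.168.1.50 and the sample alert lines are constructed, and only IPv4 endpoints are handled.

```python
import ipaddress
import re
from collections import Counter

# Tail of an alert_fast line: "{PROTO} src[:port] -> dst[:port]" (IPv4 only)
ENDPOINTS = re.compile(
    r"\{[^}]+\}\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s*$"
)

def home_hosts_in_alerts(lines, home_net):
    """Count alerts per HOME_NET host seen as source or destination."""
    net = ipaddress.ip_network(home_net)
    skip = {net.network_address, net.broadcast_address}  # not real hosts
    seen = Counter()
    for line in lines:
        m = ENDPOINTS.search(line)
        if not m:
            continue  # blank or non-alert line
        for ip in {m["src"], m["dst"]}:
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                continue  # e.g. an octet above 255
            if addr in net and addr not in skip:
                seen[ip] += 1
    return seen

def sensor_is_blind(lines, home_net, sensor_ip):
    """True when alerts exist but the sensor is the only HOME_NET host in them."""
    seen = home_hosts_in_alerts(lines, home_net)
    return bool(seen) and set(seen) <= {sensor_ip}

# Constructed sample lines (not real alerts). SENSOR is an assumed address.
HOME_NET, SENSOR = "192.168.1.0/24", "192.168.1.50"
PREFIX = "08/28-10:01:02.000001  [**] [1:1000001:1] constructed sample [**] [Priority: 3] "
BEFORE = [
    PREFIX + "{TCP} 192.168.1.50:51000 -> 203.0.113.7:80",
    PREFIX + "{ICMP} 198.51.100.9 -> 192.168.1.50",
    PREFIX + "{UDP} 192.168.1.50:137 -> 192.168.1.255:137",  # broadcast dst
]
AFTER = BEFORE + [PREFIX + "{TCP} 192.168.1.23:49152 -> 203.0.113.7:443"]

if __name__ == "__main__":
    for label, lines in (("before mirroring", BEFORE), ("after mirroring", AFTER)):
        print(label, dict(home_hosts_in_alerts(lines, HOME_NET)),
              "blind" if sensor_is_blind(lines, HOME_NET, SENSOR) else "ok")
```

To run it against a real log, pass the lines of `/var/log/snort/fast_alert.txt` and the sensor's own address instead of the constructed samples.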