How to configure Suricata to capture packets on the entire network? I have already configured Suricata, but it is only capturing packets that are sent to the host on which Suricata is installed. I want the whole network's packets to be captured by Suricata.
I have two different networks, Data and Internal, where Suricata is placed in the Internal network. I have already configured my switch to monitor a few ports and direct them to the second port of the Suricata server, but I still don't see any changes.
Can someone help with this matter?
The interface should be in promiscuous mode to see all traffic.
(The HOWTO depends on your OS.)
ifconfig eth1 up       # bring the mirror/SPAN interface up
ifconfig eth1 promisc  # accept frames not addressed to this host
And check what is defined in suricata.yaml under $HOME_NET, and which rules files are set; I recommend taking a glance there to better understand why a certain rule is fired.
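Two checks that follow from the answer above, as an added example that is neither poster's code: whether HOME_NET in suricata.yaml actually covers both the Data and Internal segments, and whether the capture interface has the promiscuous flag set. It assumes Linux (the /sys/class/net/<iface>/flags file) and Suricata's usual `HOME_NET: "[net,net]"` syntax; the YAML fragment and the segment addresses are constructed for the demonstration.

```python
"""Sanity checks for a Suricata sensor on a mirror/SPAN port (added example)."""
import ipaddress
import re
from pathlib import Path

IFF_PROMISC = 0x100  # flag bit from <linux/if.h>

# Constructed fragment of a suricata.yaml 'vars' section, not a real file.
SAMPLE_YAML = """
vars:
  address-groups:
    HOME_NET: "[192.168.0.0/16,10.0.0.0/8]"
    EXTERNAL_NET: "!$HOME_NET"
"""

def parse_home_net(yaml_text):
    """Return the networks listed in HOME_NET; negated entries (!x) are skipped."""
    m = re.search(r'HOME_NET:\s*"?\[?([^"\]\n]+)', yaml_text)
    if not m:
        raise ValueError("HOME_NET not found")
    nets = []
    for item in (s.strip() for s in m.group(1).split(",")):
        if not item or item.startswith("!"):
            continue
        if item == "any":  # Suricata keyword meaning every address
            return [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
        nets.append(ipaddress.ip_network(item, strict=False))
    return nets

def uncovered_segments(home_net, segments):
    """Return the segments (e.g. Data and Internal) not fully inside HOME_NET."""
    missing = []
    for seg in segments:
        net = ipaddress.ip_network(seg, strict=False)
        if not any(net.subnet_of(h) for h in home_net if h.version == net.version):
            missing.append(seg)
    return missing

def is_promiscuous(flags):
    """True when IFF_PROMISC is set in an interface flags word."""
    return bool(flags & IFF_PROMISC)

def iface_flags(iface):
    """Read the flags word of a live interface such as 'eth1' (Linux only)."""
    return int(Path(f"/sys/class/net/{iface}/flags").read_text().strip(), 16)

if __name__ == "__main__":
    home = parse_home_net(SAMPLE_YAML)
    print("HOME_NET:", [str(n) for n in home])
    print("not covered:", uncovered_segments(home, ["192.168.10.0/24", "172.16.0.0/12"]))
```

On the sensor itself, `is_promiscuous(iface_flags("eth1"))` tells you whether the `ifconfig eth1 promisc` step took effect.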