help with arpwatch and snort using 2 NIC and multiple subnets
I setup my first linux box last week.
Its running Fedora core 3.
When I set it up I only had 1 NIC. it is on our main subnet.
I installed a second NIC and I was able to get it working. I've setup the
second nic on a mirroreds switch port so it can see traffice on 4 of our
VLANS (each VLAN is on a different subnet)
I would like to setup arpwatch to only use the second NIC and for it to
alert me to traffic on all VLANs.
I've seen the -n switch for arpwatch, but how do I use that when arpwatch is
running as a service?
How do I use the -n switch when the subnets are not together (example:
10.0.0.1,192.168.1.1,192.168.42.1)
I would also like to setup snort to only listen on the second NIC
Thank you
jb
|