LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   help with arpwatch and snort using 2 NIC and multiple subnets (https://www.linuxquestions.org/questions/linux-security-4/help-with-arpwatch-and-snort-using-2-nic-and-multiple-subnets-268479/)

benwaynet 12-20-2004 01:22 PM
help with arpwatch and snort using 2 NIC and multiple subnets
 
I setup my first linux box last week.

Its running Fedora core 3.

When I set it up I only had 1 NIC. it is on our main subnet.

I installed a second NIC and I was able to get it working. I've setup the
second nic on a mirroreds switch port so it can see traffice on 4 of our
VLANS (each VLAN is on a different subnet)

I would like to setup arpwatch to only use the second NIC and for it to
alert me to traffic on all VLANs.

I've seen the -n switch for arpwatch, but how do I use that when arpwatch is
running as a service?

How do I use the -n switch when the subnets are not together (example:
10.0.0.1,192.168.1.1,192.168.42.1)

I would also like to setup snort to only listen on the second NIC

Thank you
jb


All times are GMT -5. The time now is 04:30 AM.