I just set up snort and have a few questions. First of all I'm using it on a Fedora 1 box, source install into /usr/local/lib/snort*. I'm using the default rules.
I ran it like this as a NIDS:
snort -d -h 192.168.0.0/24 -l /var/log/snort/ -c /usr/local/lib/snort-2.1.0/etc/snort.conf
Then I did a Syn/Stealth port scan like this:
nmap -sS 192.168.0.12
on the machine, from the machine. The problem is when I checked the alert file in /var/log/snort there was nothing in there. In the nmap documentation it says that this scan will be detected and logged by snort and even shows an example.
Also, what is the -dev option? I can't find it in the man page, and it's in several examples.
Thanks a lot