I setup a linux box this week.
When I first installed it, I had 1 NIC on our main Vlan.
I installed and configured arpwatch,snort, and acid.
They all seemed to work.
But now I want to add a second NIC that will be connected to a switch port that has all the VLANS mirrored to it.
Each VLAN is its own subnet. So what IP address do I give the NIC that will have the spanned data sent to it?
How do I tell arpwatch to only look at eth1 when its running as a service and because the different subnets are not in the same range how to I get arpwatch to listen to all arp request, I think I need o use the -n switch but there’s very little documentation about it.
With Snort how can I tell it to only listen on eth1?
Hopefully someone will find this and give me some direction or point me to a really good linux forum.
thanks,jb
