I'm trying to set up Snort a CentOS 4 box. I can't seem to set up the Ethernet card right so that id doesn't drop all packets. Here is the IFCONFIG infor from that interface:

eth1 Link encap:Ethernet HWaddr 00:00:D1:9D:75:0E
inet6 addr: fe80::200:d1ff:fe9d:750e/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:128 errors:0 dropped:423142 overruns:0 frame:0
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:206979369 (197.3 MiB) TX bytes:526 (526.0 b)
Interrupt:9

As you can see it is dropping almost every packit coming into it. Any ideas how to get around this?

http://internetsecurityguru.com/documents/snort_base_centos4.pdf

Also check out ntsug.org

you need to turn the firewall off, its probably dumping them kernel level

iptables -F

[QUOTE=AbecX]you need to turn the firewall off, its probably dumping them kernel level

iptables -F[/QUOTE]Made no difference. Any other suggestions?

Try doing

service iptables stop.

also paste me iptables -L ( if it lists anything )

do you have anything in your hosts.deny?

Shit canned the Intel ethernet card that was in there and put in an old 3Com and it works now.

Thanks for the replies!