Depending on the configurations that shipped with your package, you may have some settings wrong. The base snort.conf file should work; however, you should inspect the system config file /etc/sysconfig/snort and make sure these two options are set sanely.
Also, you should look at the system log, /var/log/messages by default, to see if the interface is actually entering promiscuous mode. If so, you should see something along these lines:
kernel: device eth1 entered promiscuous mode
You can also get good debugging information from the perfmonitor preprocessor. You can enable it in your snort.conf with something like:
preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000
This will dump a VERY large comma-delimited list of performance values from the snort application. The full list of all the values dumped can be found in the manual, either shipped or at snort_manual.pdf. You might be interested to look at:
- Total Packets Received
- Mbits/Sec (applayer)
- TCP Sessions Initializing
The values from those, and possibly others, should help determine whether the application itself is even seeing the packets, let alone processing them.
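The promiscuous-mode check described above, as an added example that is not part of the original answer: it reports the last state the kernel logged for an interface, so an interface that entered promiscuous mode and later left it (for example, after the sensor process stopped) is not mistaken for a working one. The function name `promisc_state` and the sample log lines are constructed for illustration; on a real system, pass /var/log/messages as the log file.

```shell
#!/bin/sh
# promisc_state LOGFILE IFACE
# Prints the last promiscuous-mode state the kernel logged for IFACE:
#   promiscuous - last message was "entered promiscuous mode"
#   left        - the interface entered the mode earlier but has since left it
#   never       - no promiscuous-mode message for IFACE in LOGFILE
promisc_state() {
    awk -v dev="$2" '
        # index() does a literal match, so interface names containing "."
        # (VLAN sub-interfaces) are not treated as regular expressions.
        index($0, "device " dev " entered promiscuous mode") { s = "promiscuous" }
        index($0, "device " dev " left promiscuous mode")    { s = "left" }
        END { if (s == "") s = "never"; print s }
    ' "$1"
}

# Constructed sample log (hostname and timestamps are made up).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
Mar  3 10:00:01 sensor kernel: device eth1 entered promiscuous mode
Mar  3 10:00:02 sensor kernel: device eth2 entered promiscuous mode
Mar  3 10:07:45 sensor kernel: device eth1 left promiscuous mode
EOF

for ifc in eth0 eth1 eth2; do
    echo "$ifc: $(promisc_state "$SAMPLE" "$ifc")"
done
```
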