I have snort set up on a raspberry pi running a modified Ubuntu. Between my modem and router I have a switch that mirrors all the traffic to a port that is connected to the eth0 interface on my raspberry pi.

On my raspberry pi I have eth0 which is connected to the tap, and a wireless interface that is connected to my home network.

If I run the below from command line on my pi and ping my machine from within the network it will trigger the below rule

sudo /usr/local/bin/snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i wlan0

alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:10000001; rev:001;)

But when I visit a site or ping a site from a computer in my network I can't get an alert to trigger on the pi via eth0. So far I have not been able to trigger an alert from the ethernet interface.

sudo /usr/local/bin/snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i wlan0

alert tcp any any -> $HOME_NET any (msg:"Alert This Message"; sid:10000002; rev:002;)

running ifconfig -a gives me

eth0      blah  
          blah
          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:165909 errors:0 dropped:0 overruns:0 frame:0
          TX packets:230 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:8747971 (8.7 MB)  TX bytes:78700 (78.7 KB)

which leads me to believe that it's not the switch, since it shows me receiving packets.

Not sure what other info I can give, but I'd appreciate some trouble shooting techniques.