Typically, a network-based IDS is set up to monitor a DMZ or the internal network right behind the firewall so it alerts you to any possible threats that your firewall didn't catch. There is a Web interface that works with Snort called BASE (Basic Analysis and Security Engine), based on ACID (Analysis Console for Intrusion Databases), which we'll set up. Having this information can let you know if you need to make some firewall changes or harden the OS on a particular server a bit more. You may see the term IPS, for Intrusion Prevention System, which takes things one step further by having the IDS adjust the firewall when it discovers something.
You need to either tap into the link you want to monitor using a hub, or you have to do port spanning on your switch.
(Most cable/DSL routers have some limited firewall capabilities.) In this case, in order to determine the HOME_NET value (discussed below) you'd have to know the IP address that your router pulled from your ISP's DHCP server.
The easiest way to find out what IP address your router pulled is to visit a Web site that displays your "external" IP address.
There are two flavors of IDSs, host-based and network-based.
Snort is a network-based IDS that can monitor all of the traffic on a network link to look for suspicious traffic.