It's been a few years since I had to use it, but it was on an old (was brand new at the time) Latitude D620 running Fedora some version number with Snort installed. You then configure the Ethernet port to sniff the traffic of a specified port on the target, in this case the firewall. It gets trickier or better if you have managed switches that do 802.11 and port mirroring. After that you load up Snort rules and dump the data off the port you're monitoring.
Typically, you would setup Snort on a dedicated box with 2 or more NIC's and it would sit somewhere between the router and firewall or just behind the firewall.
There are plenty of resources out there to setup and use snort.