AW: [Snort-users] Queries on Snort...

Poppi, Sandro Sandro.Poppi at ...3316...
Fri Aug 30 03:50:03 EDT 2002


Hi,
> Hi,
> 
> I am suggesting Snort for Intrusion Detection requirement. I 
> do not know
> whether the following are supported in Snort. Can you help on these
> queries?
> 
> 1. Does Snort support capturing and decoding encrypted traffic?

Capturing yes, but not decoding since it would be necessary to have the
private key of the recipient which you normally would not install on the
snort box ;)

> 2. Does Snort support playback of stored packets?

If you save packets in pcap format snort can read and interpret it as if the
packets where sent over the network snort listens.
 
> 3. Can Snort do intrusion prevention like if an intrusion occurs, it
> respond to the attack.

Yes, using the so-called "flexible response" feature.

HTH,
Sandro




More information about the Snort-users mailing list