[Snort-users] (no subject)

Erek Adams erek at ...577...
Sun Oct 27 08:17:02 EST 2002

On Sun, 27 Oct 2002, Ha Tu wrote:

>          As far as I know, snort can catch all infomation from the
> datalink layer through the Application one. So where is the position of
> snort in the TCP/IP stack so that it is able to do that? Do data flow
> from iptables to snort?

Snort grabs the Ethernet frames off the wire.  Since it uses libpcap, it
all happens at that level.

>         How can I create a stealthed NIC on a SUN solaris machine?

ifconfig hme1 plumb
ifconfig hme1 up

Also known as FAQ 3.2



Erek Adams

More information about the Snort-users mailing list