[Snort-users] Snort and DPI

Kevin Ross kevross33 at ...14012...
Thu Aug 2 10:59:49 EDT 2012

To answer your questions:
- Yes it is DPI as it is looking at the full packet.
- If it is your network an you have the appropriate security and network
usage policies in place you are able to capture whatever you want. Sure
Snort is aimed more at security stuff but you can match on all cleartext
traffic (technically you could go a full packet capture and get everything
which from a security point of view is advisable).


On 2 August 2012 12:21, Pratik Narang <pratik.cse.bits at ...11827...> wrote:

> Dear Snort Users and Developers,
> Snort's detection engine searches for specific signatures in the
> payload of IP packets. So is it right to equate Snort's detection with
> Deep Packet Inspection?
> So are there ethical/privacy issues involved with Snort's detection run as
> well?
> Thanks...
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120802/5608cd89/attachment.html>

More information about the Snort-users mailing list