[Snort-users] snort 2.9.x.x software flow chart

waldo kitty wkitty42 at ...14940...
Wed Apr 3 18:43:11 EDT 2013


On 4/3/2013 13:28, Lawrence R. Hughes, Sr. wrote:
> Hi,
> I am looking for a software flowchart for snort2.9.x.x
> Anyone know where I can find a copy?

are you speaking of the internet to snort flow or a flow chart for installation 
or something else?

> Also, What program handles the capture point (where packets are deemed not to be
> a threat and are allowed to pass)?

there are two options, if i'm understanding your question...

the first option is snort in inline mode with DROP rules... in this mode, the 
traffic comes in on one interface to snort, gets processed, and then if it 
passes, snort feeds it out on another interface to the rest of the network being 
protected... if snort determines that it is unwanted traffic, then snort DROPs 
the traffic and doesn't pass it on inward...

the second option is to use some software that monitors the alert file or the 
alerts being posted to the database... there are several packages that can 
handle the traffic at this stage... these packages have different ways of 
telling the firewall to block the traffic... they may issue instructions to 
iptables on a linux system or they may issue commands to some other software 
which would then initiate the block or drop...

> I am sure a flowchart would be very useful to find out what code handles what?

i'm going to assume that this is a further clarification of the first query and 
that you are wanting to see how the traffic flows into and through snort's 
modules...
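As an added illustration of the second option described above (monitoring snort's alert output and telling the host firewall to block the source), here is a small Python script that is not part of this thread, of snort, or of any of the packages the reply alludes to. It assumes snort is writing alerts in the alert_fast format (timestamp, [**] [gid:sid:rev] message [**], optional Classification, Priority, {proto}, src -> dst), parses each line, and plans an iptables DROP rule for the source address. The sample alert lines, the sid values, the addresses and the protected network ranges are all constructed for the example. It only acts on alerts at or above a priority threshold, never blocks addresses inside the networks you declare as protected (so a spoofed or internal alert cannot be used to cut off your own hosts), de-duplicates per source, and defaults to printing the iptables commands rather than running them.

```python
"""Plan firewall blocks from Snort alert_fast lines.

Added example for the Snort-users thread; not code from Snort or any
alert-monitoring package.  Sample data below is constructed.
"""
import ipaddress
import re
import shlex
import subprocess
from typing import Dict, Iterable, List, Optional

# alert_fast layout.  The [Classification: ...] block is optional and
# ports are absent for protocols such as ICMP.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?"
    r"\s+\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[0-9.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[0-9.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample alerts (addresses from RFC 5737 documentation ranges).
SAMPLE_ALERTS = [
    "04/03-13:28:00.123456  [**] [1:1000001:1] CONSTRUCTED web server attack [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] "
    "{TCP} 203.0.113.5:44321 -> 192.0.2.10:80",
    "04/03-13:28:01.000001  [**] [1:1000002:1] CONSTRUCTED port probe [**] "
    "[Classification: Misc activity] [Priority: 3] {TCP} 198.51.100.7:5555 -> 192.0.2.10:22",
    "04/03-13:28:02.000002  [**] [1:1000003:1] CONSTRUCTED internal noise [**] "
    "[Priority: 1] {UDP} 192.168.1.20:53 -> 192.0.2.10:53",
    "04/03-13:28:03.000003  [**] [1:1000004:1] CONSTRUCTED ping [**] "
    "[Priority: 1] {ICMP} 203.0.113.5 -> 192.0.2.10",
    "this is not an alert line",
]


def parse_alert(line: str) -> Optional[Dict[str, str]]:
    """Return the alert's fields, or None if the line is not alert_fast."""
    match = ALERT_RE.match(line.strip())
    return match.groupdict() if match else None


def should_block(alert: Dict[str, str],
                 protected: List[ipaddress.IPv4Network],
                 max_priority: int = 1) -> bool:
    """Block only high-priority alerts whose source is outside protected nets.

    Snort priority 1 is the most severe; larger numbers are less severe.
    Refusing to block protected ranges avoids a self-inflicted outage.
    """
    if int(alert["prio"]) > max_priority:
        return False
    src = ipaddress.ip_address(alert["src"])
    return not any(src in net for net in protected)


def iptables_block_cmd(ip: str) -> List[str]:
    """iptables command that drops all inbound traffic from ip."""
    return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]


def plan_blocks(lines: Iterable[str], protected_cidrs: Iterable[str],
                max_priority: int = 1) -> List[List[str]]:
    """Turn a stream of alert_fast lines into de-duplicated block commands."""
    protected = [ipaddress.ip_network(c) for c in protected_cidrs]
    seen = set()
    commands = []
    for line in lines:
        alert = parse_alert(line)
        if alert is None or not should_block(alert, protected, max_priority):
            continue
        if alert["src"] in seen:
            continue
        seen.add(alert["src"])
        commands.append(iptables_block_cmd(alert["src"]))
    return commands


def apply_blocks(commands: List[List[str]], dry_run: bool = True) -> None:
    """Print (default) or execute the planned iptables commands."""
    for cmd in commands:
        if dry_run:
            print(shlex.join(cmd))
        else:
            subprocess.run(cmd, check=True)


if __name__ == "__main__":
    apply_blocks(plan_blocks(SAMPLE_ALERTS, ["192.168.0.0/16", "192.0.2.0/24"]))
```

In production this would read the alert file as snort appends to it (or consume unified2 output through barnyard2 into a database, as the reply mentions) rather than a fixed list, and the block should carry an expiry so a single noisy alert does not ban an address forever. Note the trade-off the two options imply: inline mode drops the offending packet itself, whereas an alert-driven block is reactive and only stops traffic that arrives after the alert has been processed.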




More information about the Snort-users mailing list