[Snort-users] snort 2.9.x.x software flow chart
Lawrence R. Hughes,Sr.
lhughes at ...14822...
Thu Apr 4 11:59:21 EDT 2013
Thanks for the reply.. Software flow from internet would be great..
From: waldo kitty
Sent: Wednesday, April 03, 2013 6:43 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] snort 2.9.x.x software flow chart
On 4/3/2013 13:28, Lawrence R. Hughes,Sr. wrote:
> I am looking for a software flowchart for snort2.9.x.x
> Anyone know where I can find a copy?
are you speaking of the internet to snort flow or a flow chart for
or something else?
> Also, What program handles the capture point (where packets are deemed not
> to be
> a threat and are allowed to pass)?
there are two options, if i'm understanding your question...
the first option is snort in inline mode with DROP rules... in this mode,
traffic comes in on one interface to snort, gets processed, and then if it
passes, snort feeds it out on another interface to the rest of the network
protected... if snort determines that it is unwanted traffic, then snort
the traffic and doesn't pass it on inward...
the second option is to use some software that monitors the alert file or
alerts being posted to the database... there are several packages that can
handle the traffic at this stage... these packages have different ways of
telling the firewall to block the traffic... they may issue instructions to
iptables on a linux system or they may issue commands to some other software
which would then initiate the block or drop...
> I am sure a flowchart would be very useful to find out what code handles
i'm going to assume that this is a further clarification of the first query
that you are wanting to see how the traffic flows into and through snort's
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire
the most talented Cisco Certified professionals. Visit the
Employer Resources Portal
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
Please visit http://blog.snort.org to stay current on all the latest Snort
More information about the Snort-users