[Snort-users] snort 2.9.x.x software flow chart

Lawrence R. Hughes,Sr. lhughes at ...14822...
Thu Apr 4 11:59:21 EDT 2013


Waldo Kitty,

Thanks for the reply.. Software flow from internet would be great..

Thanks,
Larry

-----Original Message----- 
From: waldo kitty
Sent: Wednesday, April 03, 2013 6:43 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] snort 2.9.x.x software flow chart

On 4/3/2013 13:28, Lawrence R. Hughes,Sr. wrote:
> Hi,
> I am looking for a software flowchart for snort2.9.x.x
> Anyone know where I can find a copy?

are you speaking of the internet to snort flow or a flow chart for
installation or something else?

> Also, What program handles the capture point (where packets are deemed not
> to be a threat and are allowed to pass)?

there are two options, if i'm understanding your question...

the first option is snort in inline mode with DROP rules... in this mode, the
traffic comes in on one interface to snort, gets processed, and then if it
passes, snort feeds it out on another interface to the rest of the network
being protected... if snort determines that it is unwanted traffic, then snort
DROPs the traffic and doesn't pass it on inward...

the second option is to use some software that monitors the alert file or the
alerts being posted to the database... there are several packages that can
handle the traffic at this stage... these packages have different ways of
telling the firewall to block the traffic... they may issue instructions to
iptables on a linux system or they may issue commands to some other software
which would then initiate the block or drop...

> I am sure a flowchart would be very useful to find out what code handles
> what?

i'm going to assume that this is a further clarification of the first query
and that you are wanting to see how the traffic flows into and through snort's
modules...
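
The second option described in the reply above (software that watches Snort's alert file and tells iptables to block) can be sketched as follows. This is an added example, not part of the original thread and not the code of any of the packages it alludes to. It assumes Snort's "fast" alert line format, IPv4 sources, and a hypothetical function name, priority threshold, chain and allowlist; the sample alert lines are constructed.

```python
import ipaddress
import re

# Constructed sample lines in Snort's "fast" alert format (not from the thread).
SAMPLE_ALERTS = """\
04/03-18:43:01.102938  [**] [1:1000001:1] Constructed rule A [**] [Priority: 1] {TCP} 198.51.100.23:51514 -> 192.0.2.10:80
04/03-18:43:02.220011  [**] [1:1000002:1] Constructed rule B [**] [Priority: 3] {ICMP} 203.0.113.7 -> 192.0.2.10
04/03-18:43:05.000100  [**] [1:1000001:1] Constructed rule A [**] [Priority: 1] {TCP} 198.51.100.23:51520 -> 192.0.2.10:80
04/03-18:43:09.000100  [**] [1:1000003:1] Constructed rule C [**] [Priority: 1] {TCP} 192.0.2.1:40000 -> 192.0.2.10:22
this line is not an alert and must be ignored
"""

# gid:sid:rev, then priority, protocol and the source address (port optional).
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\].*?"
    r"\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)? -> "
)

def block_commands(alert_text, max_priority=1, chain="INPUT", allowlist=("192.0.2.0/24",)):
    """Return one iptables DROP argv per offending source, in first-seen order."""
    protected = [ipaddress.ip_network(n) for n in allowlist]
    seen, commands = set(), []
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if not m or int(m["prio"]) > max_priority:
            continue  # not an alert, or less severe than the threshold
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # e.g. 999.1.1.1 matches the regex but is not an address
        if src in seen or any(src in net for net in protected):
            continue  # already blocked; sources can be spoofed, so never block our own hosts
        seen.add(src)
        commands.append(["iptables", "-I", chain, "-s", str(src), "-j", "DROP"])
    return commands

if __name__ == "__main__":
    for cmd in block_commands(SAMPLE_ALERTS):
        print(" ".join(cmd))  # printed for review rather than executed
```

Unlike inline mode with DROP rules, a block issued this way only takes effect after the alerted packet has already passed.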
