[Snort-users] general questions

waldo kitty wkitty42 at ...14940...
Fri Mar 29 17:33:25 EDT 2013


On 3/29/2013 14:40, Mohammad MontazerI wrote:
> i know.
> but snort has a packet sniffer. so i can use it as an IDS and network traffic
> shape. can't?

no, you can't... why should snort be processing all that data when its purpose 
is penetration prevention?

> if it's not for this kind of need, so what is the log file used for?
> why does snort even create a log file from network traffic?

the pcaps are only of the network packets that *caused an alert*... nothing 
else... the pcaps are so you can perform diagnostics to confirm the alert is a 
true positive and so you can then follow up with security or preventative 
measures unless your system has already acted upon the alert and instituted some 
protective measures...
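
The diagnostic step described above, as an added example that is not part of the original post or of Snort itself: a minimal reader for a classic libpcap (tcpdump-format) log that lists each logged packet's endpoints and payload so an analyst can judge whether the alert was a true positive. The function names are hypothetical, the sample capture is constructed in the code, and only Ethernet/IPv4 with TCP or UDP is handled.

```python
import io
import socket
import struct

def build_sample_pcap():
    """Constructed sample: one Ethernet/IPv4/TCP packet in classic libpcap format."""
    payload = b"GET /constructed-example HTTP/1.0\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     1, 0, 64, 6, 0, socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.5"))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record_hdr = struct.pack("<IIII", 1364592805, 0, len(frame), len(frame))
    return global_hdr + record_hdr + frame

def summarize_pcap(data):
    """Return (ts, src, sport, dst, dport, payload) per TCP/UDP-over-IPv4 packet."""
    f = io.BytesIO(data)
    # The magic number tells us the byte order the capturing host used.
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(f.read(4))
    if endian is None:
        raise ValueError("not a classic libpcap file")
    linktype = struct.unpack(endian + "HHiIII", f.read(20))[5]
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) is handled here")
    packets = []
    while True:
        record_hdr = f.read(16)
        if len(record_hdr) < 16:
            break  # end of file, or a truncated final record
        ts, _usec, caplen, _origlen = struct.unpack(endian + "IIII", record_hdr)
        frame = f.read(caplen)
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # too short for Ethernet + IPv4, or not IPv4
        l4 = 14 + (frame[14] & 0x0F) * 4  # offset of the transport header
        proto = frame[23]
        if proto == 6 and len(frame) >= l4 + 20:
            hdr_len = (frame[l4 + 12] >> 4) * 4  # TCP data offset
        elif proto == 17 and len(frame) >= l4 + 8:
            hdr_len = 8  # fixed UDP header
        else:
            continue
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        packets.append((ts, socket.inet_ntoa(frame[26:30]), sport,
                        socket.inet_ntoa(frame[30:34]), dport, frame[l4 + hdr_len:]))
    return packets
```

To use it on a real log, read the file in binary mode and pass its bytes to `summarize_pcap`, then compare each payload against the rule that fired.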



