[Snort-users] general questions
wkitty42 at ...14940...
Fri Mar 29 17:33:25 EDT 2013
On 3/29/2013 14:40, Mohammad MontazerI wrote:
> I know.
> But snort has a packet sniffer, so I can use it as an IDS and network traffic
> shape. Can't I?
no, you can't... why should snort be processing all that data when its purpose
is penetration prevention?
> If it's not for this kind of need, then what is the log file used for?
> Why does snort even create a log file from network traffic?
the pcaps are only of the network packets that *caused an alert*... nothing
else... the pcaps are so you can perform diagnostics to confirm the alert is a
true positive and so you can then follow up with security or preventative
measures unless your system has already acted upon the alert and instituted some