[Snort-users] Snort with AFPacket
secaficionado at ...11827...
Mon Nov 3 17:24:16 EST 2014
I'm following the steps outlined in the guide "Snort IPS using DAQ
AFPacket". I compiled snort with all the requirements and I am using
pulledpork for the rules.
When I start snort with
snort -c <conf path>/snort.conf -i eth1:eth0 -Q
I do get the alerts and snort stops some traffic as expected. However,
other functions running in that box are bypassed. The machine running snort
has a DHCP server, but when snort is running the DHCP server is bypassed,
so machines connected down the line get addresses from the next DHCP server
higher up in the hierarchy.
I want to confirm that this is the expected behavior. I did not expect the
other functions to be bypassed, although in retrospect it makes some
Is there some documentation, in addition to the manual, about this behavior?