[Snort-users] Snort with AFPacket

James Lay jlay at ...13475...
Mon Nov 3 17:37:16 EST 2014

On 2014-11-03 15:24, Sec Aficionado wrote:
> Hi there,
> Im following the steps outlined in the guide "Snort IPS using DAQ
> AFPacket". I compiled snort with all the requirements and I am using
> pulledpork for the rules.
> When I start snort with
> snort -c <conf path>/snort.conf -i eth1:eth0 -Q
> I do get the alerts and snort stops some traffic as expected. 
> However,
> other functions running in that box are bypassed. The machine running
> snort has a DHCP server, but when snort is running the DHCP server is
> bypassed, so machines connected down the line get addresses from the
> next DHCP server higher up in the hierarchy.
> I want to confirm that this is the expected behavior. I did not 
> expect
> the other functions to be bypassed, although in retrospective it 
> makes
> some sense.
> Is there some documentation, in addition to the manual, about this
> behavior?
> Thanks!

How are the above NIC's configured?

More information about the Snort-users mailing list