[Snort-users] Snort with AFPacket
jlay at ...13475...
Mon Nov 3 17:37:16 EST 2014
On 2014-11-03 15:24, Sec Aficionado wrote:
> Hi there,
> Im following the steps outlined in the guide "Snort IPS using DAQ
> AFPacket". I compiled snort with all the requirements and I am using
> pulledpork for the rules.
> When I start snort with
> snort -c <conf path>/snort.conf -i eth1:eth0 -Q
> I do get the alerts and snort stops some traffic as expected.
> other functions running in that box are bypassed. The machine running
> snort has a DHCP server, but when snort is running the DHCP server is
> bypassed, so machines connected down the line get addresses from the
> next DHCP server higher up in the hierarchy.
> I want to confirm that this is the expected behavior. I did not
> the other functions to be bypassed, although in retrospective it
> some sense.
> Is there some documentation, in addition to the manual, about this
How are the above NIC's configured?
More information about the Snort-users