[Snort-users] Snort in IDS mode

Russ rucombs at ...589...
Tue Aug 11 08:31:45 EDT 2015


Hi Aman,

You can use the -i flag to get live traffic like this:

     snort -i "en0 en1" -z 2 ...

This will open both interfaces on separate packet threads.  To see other 
options you may want:

     snort -?

Hope that helps.
Russ

On 8/11/15 12:22 AM, aman mangal wrote:
> Hi,
>
> My name is Aman, I am a first year PhD student at Georgia Tech, USA. I 
> want to use snort3 for my research purposes and would like to run it 
> in IDS mode with more than one thread.
>
> I am not able to figure out how to run snort in IDS mode without -r 
> flag and instead, capturing all the packets live. Please help me out.
>
> Thank you
> Aman Mangal
