[Snort-users] Snort in IDS mode

aman mangal mangalaman93 at ...11827...
Sun Aug 16 20:26:07 EDT 2015


Thank you so much Russ. I just didn't see an example and could not make
that out.

I was also wondering if there is a way to test that the rules do work. Is
there a way I can test my setup by creating an abnormal network behaviour
and see snort reporting the abnormality?

Aman

On Tue, Aug 11, 2015 at 8:30 AM Russ <rucombs at ...589...> wrote:

> Hi Aman,
>
> You can use the -i flag to get live traffic like this:
>
>     snort -i "en0 en1" -z 2 ...
>
> This will open both interfaces on separate packet threads.  To see other
> options you may want:
>
>     snort -?
>
> Hope that helps.
> Russ
>
>
> On 8/11/15 12:22 AM, aman mangal wrote:
>
> Hi,
>
> My name is Aman, I am a first year PhD student at Georgia Tech, USA. I
> want to use *snort3* for my research purposes and would like to run it in
> IDS mode with more than one thread.
>
> I am not able to figure out how to run snort in IDS mode without *-r* flag
> and instead, capturing all the packets live. Please help me out.
>
> Thank you
> Aman Mangal