Snort really isn't very hard to use, but there are a lot of command line
options to play with, and it's not always obvious which ones go together well.
This file aims to make using Snort easier for new users.
Before we proceed, there are a few basic concepts you should understand about
Snort. Snort can be configured to run in three modes:
- Sniffer mode, which simply reads the packets off of the network and
displays them for you in a continuous stream on the console (screen).
- Packet Logger mode, which logs the packets to disk.
- Network Intrusion Detection System (NIDS) mode, the most complex
and configurable mode, which allows Snort to analyze network traffic
for matches against a user-defined rule set and perform several actions based
upon what it sees.
- Inline mode, which obtains packets from iptables instead of from
libpcap and then causes iptables to drop or pass packets based on Snort rules
that use inline-specific rule types.