Next: 1.2 Sniffer Mode
Up: 1. Snort Overview
Previous: 1. Snort Overview
Contents
Snort really isn't very hard to use, but there are a lot of command line
options to play with, and it's not always obvious which ones go together well.
This file aims to make using Snort easier for new users.
Before we proceed, there are a few basic concepts you should understand about
Snort. Snort can be configured to run in three modes:
- Sniffer mode, which simply reads the packets off of the network and displays them
for you in a continuous stream on the console (screen).
- Packet Logger mode, which logs the packets to disk.
- Network Intrusion Detection System (NIDS) mode, the most complex and configurable configuration,
which allows Snort to analyze network traffic for matches against a user-defined
rule set and performs several actions based upon what it sees.
- Inline Mode, which obtains packets from iptables instead of from libpcap and then
causes iptables to drop or pass packets based on Snort rules that use inline-specific rule types.