Re: Snort with AFPacket

[James Lay <jlay () slave-tothe-box net>]

On 2014-11-03 15:24, Sec Aficionado wrote:
> Hi there,
>
> Im following the steps outlined in the guide "Snort IPS using DAQ
> AFPacket". I compiled snort with all the requirements and I am using
> pulledpork for the rules.
>
> When I start snort with
> snort -c <conf path>/snort.conf -i eth1:eth0 -Q
> I do get the alerts and snort stops some traffic as expected. 
> However,
> other functions running in that box are bypassed. The machine running
> snort has a DHCP server, but when snort is running the DHCP server is
> bypassed, so machines connected down the line get addresses from the
> next DHCP server higher up in the hierarchy.
>
> I want to confirm that this is the expected behavior. I did not 
> expect
> the other functions to be bypassed, although in retrospective it 
> makes
> some sense.
>
> Is there some documentation, in addition to the manual, about this
> behavior?
>
> Thanks!

How are the above NIC's configured?

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!