Snort mailing list archives
Re: Snort in IDS mode
From: Russ <rucombs () cisco com>
Date: Tue, 11 Aug 2015 08:31:45 -0400
Hi Aman,
You can use the -i flag to get live traffic like this:
snort -i "en0 en1" -z 2 ...
This will open both interfaces on separate packet threads. To see other
options you may want:
snort -?
Hope that helps.
Russ
On 8/11/15 12:22 AM, aman mangal wrote:
Hi,My name is Aman, I am a first year PhD student at Georgia Tech, USA. I want to use /snort3 /for my research purposes and would like to run it in IDS mode with more than one thread.I am not able to figure out how to run snort in IDS mode without /-r /flag and instead, capturing all the packets live. Please help me out.Thank you Aman Mangal ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort in IDS mode aman mangal (Aug 10)
- Re: Snort in IDS mode Russ (Aug 11)