Snort mailing list archives
snort daqs capabilities
From: Mark Greenman <mark.greenman.014 () gmail com>
Date: Mon, 8 Dec 2014 18:10:11 +0330
Hi.

I am new to snort and I am confused about some actions performed by some daqs. I am trying to use the react rule option to block some applications (using the appid rule option) and send another web page instead. Three scenarios were examined:

1- snort using pcap daq when listening on the interface connected to the server network,
2- snort using pcap daq when listening on the interface connected to the client network,
3- snort using nfq daq for extracting packets from a user space queue.

When pcap on the client side interface is used, the connection is destroyed successfully and the webpage is sent to the client. How is it possible for pcap to drop packets if it is not in inline mode? Or, is pcap running in inline mode?

When pcap on the server side interface is used, the connection is destroyed again but no webpage is sent to the client. What do you think is the reason for that?

Finally, when nfq is used, again the connection is destroyed (which is normal) but the page is not sent to the client. What is the reason for this one?

Thank you very much
Mark.