Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Using snort as sniffer and ide

    Scheduled Pinned Locked Moved IDS/IPS
    4 Posts 2 Posters 823 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E Offline
      esuahcdss12
      last edited by

      hey,
      I want to use snort as a sniffer while it will log all of the packets and still use it as an intrusion detection.
      i have tried many things but couldn't make it,
      is it possible?

      thanks

      1 Reply Last reply Reply Quote 0
      • bmeeksB Offline
        bmeeks
        last edited by

        Snort can and will log packets that generate alerts, but I don't believe it can be configured to log all packets (i.e., be a sniffer).  Never investigated that type of use, though, so I could be wrong.

        Bill

        1 Reply Last reply Reply Quote 0
        • E Offline
          esuahcdss12
          last edited by

          it can log all packets-for exmple if I would type $snort -b -l ./snort.
          the problem happens when I try to add the configuration file

          1 Reply Last reply Reply Quote 0
          • bmeeksB Offline
            bmeeks
            last edited by

            Currently the GUI package builds a snort.conf file configured for alerting and capturing packets related to those alerts.  It was never intended to use Snort like Wireshark on pfSense, so that capability is not part of the standard snort.conf generation.

            Bill

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.