Using snort as sniffer and ide
-
hey,
I want to use snort as a sniffer while it will log all of the packets and still use it as an intrusion detection.
i have tried many things but couldn't make it,
is it possible?thanks
-
Snort can and will log packets that generate alerts, but I don't believe it can be configured to log all packets (i.e., be a sniffer). Never investigated that type of use, though, so I could be wrong.
Bill
-
it can log all packets-for exmple if I would type $snort -b -l ./snort.
the problem happens when I try to add the configuration file -
Currently the GUI package builds a snort.conf file configured for alerting and capturing packets related to those alerts. It was never intended to use Snort like Wireshark on pfSense, so that capability is not part of the standard snort.conf generation.
Bill