Snort mailing list archives
Re: Question for the Guru's
From: John Liss <john () lissproductions com>
Date: Mon, 14 Nov 2011 11:42:20 -0700
On 11/14/2011 11:17 AM, carlopmart wrote:
<snip>See daq docs about af-packet and nfq ...If I may jump in here to forward the conversation, does anyone have an opinion of which is better in-line, af-packet or nfq? I am currently running Snort inline using af-packet (using Gentoo) and NFQ was not originally available in the 2.9.x.x version. -BillInline is a dead line ... To work with snort as an IPS you need to use af-packet or nfq. Better?? Depends on your needs, your network topology and your experience with snort.
Thanks for the reply guys! Sounds like daq with af-packet makes a good test case for us. Is there a good faq on which is better for af-packet or nfq? Question: using snort -D -daq afpacket -Q -c snort.conf -i eth1:eth2 Is snort doing the bridging using eth1:eth2 or do I still have to configure iptables to complete the bridge. Reading the DAQ docs I'm still confused. -John ------------------------------------------------------------------------------ RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Question for the Guru's John Liss (Nov 14)
- Re: Question for the Guru's Joel Esler (Nov 14)
- Re: Question for the Guru's carlopmart (Nov 14)
- Re: Question for the Guru's NA (Nov 14)
- Re: Question for the Guru's carlopmart (Nov 14)
- Re: Question for the Guru's John Liss (Nov 14)
- Re: Question for the Guru's NA (Nov 14)
- Re: Question for the Guru's John Liss (Nov 14)
- Re: Question for the Guru's John Liss (Nov 16)
- Re: Question for the Guru's Joel Esler (Nov 17)
- Re: Question for the Guru's NA (Nov 14)