Re: general questions

[waldo kitty <wkitty42 () windstream net>]

On 3/29/2013 14:40, Mohammad MontazerI wrote:
> i know.
> but snort has packet sniffer. so i can use it as an IDS and network traffic
> shape. cant?

no, you can't... why should snort be processing all that data when its purpose 
is penetration prevention?

> if its not for this kind of need so the log file used for what?
> why even snort create a log file from network traffic?

the pcaps are only of the network packets that *caused an alert*... nothing 
else... the pcaps are so you can perform diagnostics to confirm the alert is a 
true positive and so you can then followup with security or preventative 
measures unless your system has already acted upon the alert and instituted some 
protective measures...

------------------------------------------------------------------------------
Own the Future-Intel(R) Level Up Game Demo Contest 2013
Rise to greatness in Intel's independent game demo contest. Compete 
for recognition, cash, and the chance to get your game on Steam. 
$5K grand prize plus 10 genre and skill prizes. Submit your demo 
by 6/6/13. http://altfarm.mediaplex.com/ad/ck/12124-176961-30367-2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!