I thought Snort was capable of dropping packets based on the snort ruleset... am I wrong? Is that performed only by the firewall?
I realise Ethereal is only for listening to what's happening. Does anyone have any in-depth installation and config tutorials? Snort.org has a few, but nothing I can make good use of. I'll check out silicondefense... although I'm not on any MS product - Mandrake Linux 8.2

Regards,
Thomas Madhavan

Leon Ward wrote:

>It seems that you are thinking slightly along the wrong lines here,
>Snort and Ethereal capture packets and do not block anything.
>Snort has the capability to inspect packets against a set of rules and
>report accordingly (alert on suspicious traffic).
>Ethereal captures packets for the purpose of allowing a user to inspect what
>is going on the "wire".
>
>As far as the snort compiling problems go, check that the directory that
>libpcap installed its libraries into is listed in your /etc/ld.so.conf file.
>
>Try installing both libpcap and snort from source, you will get more
>installation options.
>
>Nard
>
>-----Original Message-----
>From: Thomas Madhavan [mailto:[EMAIL PROTECTED]]
>Sent: 25 May 2002 15:29
>To: [EMAIL PROTECTED]
>Subject: Snort or Ethereal for a relative newbie?
>
>Hi all. Responses have been good before so I thought I'd try again.
>
>I've recently set up a Mandrake 8.2 workstation. I've used firestarter to
>build a firewall, and I want to use a packet sniffer.
>
>After installing Snort, it didn't work due to a data type 113 error. I
>uninstalled it, then reinstalled from an RPM, but apparently I don't have
>libpcap installed (which I do).
>
>So, I tried Ethereal and it works fine. However, can rulesets be applied to
>Ethereal as they can with Snort? I want a little extra security, not just
>logs of packets.
>
>If Ethereal *can* be used to block packets, is it a good substitute for
>snort? Or would I benefit from using Snort instead? There also seem to be a
>lot of snort reporting tools - are there any for Ethereal?
>
>Thanks a lot,
>
>Thomas Madhavan
>
>This E-mail and its attachments have been scanned for viruses before
>delivery. For more information contact [EMAIL PROTECTED]