<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<!--Converted with LaTeX2HTML 2002-2-1 (1.71) original version by: Nikos Drakos, CBLU, University of Leeds * revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan * with significant contributions from: Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<HTML>
<HEAD>
<TITLE>1.1 Getting Started</TITLE>
<META NAME="description" CONTENT="1.1 Getting Started">
<META NAME="keywords" CONTENT="snort_manual">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
<LINK REL="STYLESHEET" HREF="snort_manual.css">
<LINK REL="next" HREF="node4.html">
<LINK REL="previous" HREF="node2.html">
<LINK REL="up" HREF="node2.html">
<LINK REL="next" HREF="node4.html">
</HEAD>
<BODY >
<H1><A NAME="SECTION00210000000000000000"> 1.1 Getting Started</A> </H1>
<P> Snort really isn't very hard to use, but there are a lot of command-line options to play with, and it's not always obvious which ones go together well. This file aims to make using Snort easier for new users.
<P> Before we proceed, there are a few basic concepts you should understand about Snort. Snort can be configured to run in three modes:
<UL>
<LI><EM>Sniffer mode,</EM> which simply reads packets off the network and displays them for you in a continuous stream on the console (screen). </LI>
<LI><EM>Packet Logger mode,</EM> which logs the packets to disk. </LI>
<LI><EM>Network Intrusion Detection System (NIDS) mode,</EM> the most complex and configurable mode, which lets Snort analyze network traffic for matches against a user-defined rule set and perform several actions based upon what it sees. </LI>
<LI><EM>Inline Mode,</EM> which obtains packets from iptables instead of from libpcap and then causes iptables to drop or pass packets based on Snort rules that use inline-specific rule types. </LI>
</UL>
<P> <BR><HR>
</BODY>
</HTML>