[Oisf-users] Suricata 1.4beta1 Available!

Eric Leblond eric at regit.org
Fri Sep 7 06:57:49 UTC 2012


Hello,

On Friday 07 September 2012 at 09:51 +0400, kay wrote:
> Dear Victor,
> 
> Could you please explain in simple words how does AF_PACKET IPS work?
> I thought that AF_PACKET capable only capture packets.

AF_PACKET can be used to read packets but can also be used to send
packets. The AF_PACKET IPS mode works by peering two interfaces. All
packets received on an interface are sent to the peered interface (if
they are not dropped). This way, Suricata is transparent to the network
and uses AF_PACKET for IPS.

A possible setup for this mode is:

LAN - switch - eth0 - | Suricata box | - eth1 - GW

More information here:
https://home.regit.org/2012/09/new-af_packet-ips-mode-in-suricata/

BR,
-- 
Eric Leblond 
Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/
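The peering described above, written out as an af-packet section for suricata.yaml. This is an added example, not part of Eric's mail or the Suricata project's shipped configuration; the interface names eth0/eth1 follow the diagram in the mail, and the thread count, cluster-ids and buffer size are assumed values to be tuned for the box in question.

```yaml
# Added example (not from the mailing-list post): AF_PACKET IPS peering.
# eth0 faces the LAN switch, eth1 faces the gateway, as in the ASCII
# diagram above. Each interface copies every non-dropped frame to its
# copy-iface, so the two entries must mirror each other.
af-packet:
  - interface: eth0
    threads: 1            # assumed; must be identical on both peers
    cluster-id: 98        # assumed; must differ between the two interfaces
    cluster-type: cluster_flow
    defrag: no
    use-mmap: yes
    buffer-size: 64535    # assumed ring size
    copy-mode: ips        # forward frames instead of only reading them
    copy-iface: eth1      # peer interface that receives the copy
  - interface: eth1
    threads: 1
    cluster-id: 97
    cluster-type: cluster_flow
    defrag: no
    use-mmap: yes
    buffer-size: 64535
    copy-mode: ips
    copy-iface: eth0
```

Start it with `suricata --af-packet -c suricata.yaml`; with `copy-mode: ips` a rule with the `drop` action actually withholds the frame from the peer, while `copy-mode: tap` forwards everything and only alerts. Two practical checks: the thread counts of the two peered entries must match, and since Suricata itself is the only path between eth0 and eth1 here, the link goes dark (fail-closed) whenever the Suricata process is not running, which is either the property you want or the reason to add a hardware bypass.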