[Oisf-users] Suricata 1.4beta1 Available!

kay kay.diam at gmail.com
Fri Sep 7 08:45:06 UTC 2012


Thank you for the information.

Is there any information about built-in live traffic decryption with
the private key? Will this feature be implemented in the 1.4 release or
later?

2012/9/7 Eric Leblond <eric at regit.org>:
> Hello,
>
> On Friday 07 September 2012 at 09:51 +0400, kay wrote:
>> Dear Victor,
>>
>> Could you please explain in simple words how AF_PACKET IPS works?
>> I thought that AF_PACKET was only capable of capturing packets.
>
> AF_PACKET can be used to read packets but can also be used to send
> packets. The AF_PACKET IPS mode works by peering two interfaces. All
> packets received on an interface are sent to the peered interface (if
> they are not dropped). This way, Suricata is transparent to the network
> and uses AF_PACKET for IPS.
>
> A possible setup for this mode is:
>
> LAN - switch - eth0 - | Suricata box | - eth1 - GW
>
> More information here:
> https://home.regit.org/2012/09/new-af_packet-ips-mode-in-suricata/
>
> BR,
> --
> Eric Leblond
> Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/
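An af-packet fragment of suricata.yaml that wires up the eth0/eth1 peering Eric describes (added example, not taken from the thread or from Eric's post; interface names follow his diagram, and the option names are Suricata's af-packet keys as I know them from its configuration, so check them against the version you run):

```yaml
# Constructed example: inline IPS between LAN (eth0) and gateway (eth1).
# Each interface names the other as its copy peer, so every packet read
# on one side is written back out the other side unless a rule with the
# "drop" action discards it. Both entries must have the same number of
# threads, since each capture thread is paired with one on the peer.
af-packet:
  - interface: eth0
    threads: 1
    cluster-id: 98            # distinct fanout group per interface
    cluster-type: cluster_flow
    defrag: yes
    use-mmap: yes
    buffer-size: 64535
    copy-mode: ips            # "ips" forwards packets unless dropped;
                              # "tap" would copy everything, never dropping
    copy-iface: eth1          # peer: packets from eth0 are re-sent on eth1
  - interface: eth1
    threads: 1
    cluster-id: 97
    cluster-type: cluster_flow
    defrag: yes
    use-mmap: yes
    buffer-size: 64535
    copy-mode: ips
    copy-iface: eth0          # and the reverse direction
```

Because the box forwards at layer 2 and has no IP address on the bridged path, a Suricata crash or a missing "drop" rule action leaves traffic flowing unfiltered rather than blocked, so monitor the process and test a known drop rule after deployment.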
