[Oisf-users] Suricata inspects all packets?

Vishal Kotalwar V vishalkv at altencalsoftlabs.com
Wed May 11 10:50:24 UTC 2016

Any info on this is appreciated ... please help. 

Thanks & regards, 
Vishal V. Kotalwar 

From: "Vishal Kotalwar V" <vishalkv at altencalsoftlabs.com> 
To: "oisf-users" <oisf-users at lists.openinfosecfoundation.org> 
Sent: Tuesday, May 10, 2016 4:57:00 PM 
Subject: [Oisf-users] Suricata inspects all packets? 

I am new to IPS/IDS and netfilter framework. I have a query on packet handling by suricata & netfilter. 

In IPS mode, we add an iptables rule to pass packets to NFQ, on which suricata is listening. Suricata processes those packets and issues a verdict for that flow. 
Does netfilter send packets from the same flow to suricata even after the verdict is given? I would assume that conntrack would kick in here to bypass the queuing for optimization ... 
is that right? But conntrack is not mandatory for suricata/netfilter to function. 

Please help me understand ... 

Thanks & regards, 
Vishal V. Kotalwar 

Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org 
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/ 
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users 
Suricata User Conference November 9-11 in Washington, DC: http://oisfevents.net 
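Added example (not part of the original post or of the Suricata project): a netfilter ruleset showing the mechanism the question is asking about. NFQUEUE itself queues every packet that matches the rule and each verdict applies to that one packet, so a per-flow bypass has to be built explicitly with a packet mark saved into conntrack. The script below assumes Suricata runs with nfq in repeat mode, re-injecting packets with mark bit 0x1 (repeat-mark/repeat-mask: 1) and setting bit 0x2 on a packet when it decides to stop inspecting a flow (bypass-mark/bypass-mask: 2, a setting assumed to exist in the Suricata build in use). The queue number, chain and mark values are illustrative. It prints the rules by default and only executes them with APPLY=1.

```shell
#!/bin/sh
# Added example, not from the Suricata project or the original post.
# Emits (or, with APPLY=1, executes) the netfilter rules for an NFQUEUE IPS
# with a conntrack-mark bypass. Assumed Suricata side (suricata.yaml):
#   nfq:
#     mode: repeat
#     repeat-mark: 1   # set on every packet Suricata re-injects
#     repeat-mask: 1
#     bypass-mark: 2   # additionally set when Suricata stops inspecting a flow
#     bypass-mask: 2
QUEUE="${QUEUE:-0}"          # assumed queue number
CHAIN="${CHAIN:-FORWARD}"    # assumed chain (mangle table)
REPEAT_MARK="0x1/0x1"        # matches Suricata's repeat-mark/repeat-mask
BYPASS_MARK="0x2/0x2"        # matches Suricata's bypass-mark/bypass-mask

# Dry-run by default so the ruleset can be reviewed; APPLY=1 needs root.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

ips_rules() {
    # 1. Flows whose conntrack entry already carries the bypass bit are
    #    accepted before the NFQUEUE rule, so they never reach Suricata again.
    run iptables -t mangle -A "$CHAIN" -m connmark --mark "$BYPASS_MARK" -j ACCEPT
    # 2. A packet Suricata re-injected (NF_REPEAT) with the bypass bit set:
    #    copy the packet mark into the conntrack entry so rule 1 matches the
    #    rest of the flow. CONNMARK is non-terminating; evaluation continues.
    run iptables -t mangle -A "$CHAIN" -m mark --mark "$BYPASS_MARK" -j CONNMARK --save-mark
    # 3. Anything Suricata has not seen yet goes to the queue. The negated
    #    repeat-mark test keeps re-injected packets from looping back into
    #    NFQUEUE; --queue-bypass lets traffic through when no process is bound
    #    to the queue (without it the kernel drops packets while Suricata is down).
    run iptables -t mangle -A "$CHAIN" -m mark ! --mark "$REPEAT_MARK" \
        -j NFQUEUE --queue-num "$QUEUE" --queue-bypass
}

ips_rules
```

Walking a flow through it: the first packet carries no mark, misses rules 1 and 2, and is queued by rule 3. Suricata re-injects it with 0x1 (and 0x2 if it gives up on the flow); on re-entry rule 3 no longer matches, rule 2 saves the mark into conntrack when 0x2 is present, and every later packet of that flow is accepted by rule 1 without being queued. Note that this is exactly where conntrack becomes mandatory: plain NFQUEUE works without it, but the connmark match and target pull in nf_conntrack, and the bypass only works while the conntrack table holds the entry.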
