A question about Suricata-IDS in monitoring mode

Hack3rcon · November 22, 2023, 9:36am

Hello,
When
When we run Suricata-IDS using suricata -i NIC, can it connect two NICs like in AF_PACKET IPS mode?

Thank you.

lukashino · November 22, 2023, 10:19am

no, you need to use suricata.yaml config for this use-case as in IPS mode.

Hack3rcon · November 24, 2023, 4:54pm

Hello,
Thank you so much.
So, does Suricata-IDS only have this capability in IPS mode?

ish · November 24, 2023, 5:09pm

You can list multiple interfaces under the af-packet section for IDS/monitoring mode as well. And you can specify -i multiple times on the command line as well. Sometimes its worth just trying to see if something works.

Hack3rcon · December 6, 2023, 6:46am

Hello,
Thanks.
Does Suricata-IDS only have this capability in IPS mode? Or I can connect two NICs in monitoring mode too, but I must define them under the af-packet section?

Topic		Replies	Views
Suricata Configuration for IPS and IDS Mode Help ips	10	6241	April 29, 2020
AF_PACKET IPS mode and network cards Help	5	416	October 27, 2023
Suricata as IDS and IPS on transpararent mode Help	1	517	February 27, 2023
Suricata-IDS does not work in AF_PACKET IPS mode Help	27	953	November 12, 2023
How to set up suricata af_packet IPS mode if my laptop only have one NIC? Help ips , community	2	614	October 8, 2021

A question about Suricata-IDS in monitoring mode

Related Topics