Before we go into Snort's basic operational modes, let's first look at a breakdown of the command-line options. This chapter covers each item listed here, but some are not frequently used or may only be used in conjunction with other variables. Some of the options can be specified in the config file instead of at the command line. If you are just trying something out, specify the setting at the command line. If you are planning on keeping the setting for a while, set it in the config file.
Generates an alert using one of the specified unsock. Rather than specifying the alert mode within a configuration file, you can include it here at the command line.
Logs packets in tcpdump format (i.e., libpcap). Files in tcpdump format are smaller, so this is the best method of recording large amounts of logged data and packets. It is very fast and may be a good option on high-traffic networks.
Scrambles the networks specified in the -h (or HOME_NET) setting. This helps hide the real internal network addresses inside binary logs.
Allows you to specify which configuration file you want to use. If you have different configurations with various rules enabled, you can specify which configuration to use at the command line. This option is required when Snort is run in NIDS mode.
Prints the character data found in the packet payload, rather than displaying it in hexadecimal format. ...
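To show what scrambling the HOME_NET addresses means for a log you intend to share, here is an added example (not Snort's code and not part of the original text). It maps every address inside an assumed home network onto a substitute network of the same size and leaves outside addresses alone; the function names, networks, and log lines are constructed for illustration, and Snort's own transformation may differ.

```python
import ipaddress
import re

# Candidate dotted-quad strings; validity is checked by ipaddress below.
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Assumed values for this illustration only.
HOME_NET = "192.168.1.0/24"   # the real internal network
COVER_NET = "10.0.0.0/24"     # substitute network written to the log


def scramble(addr, home_net, cover_net):
    """Move addr from home_net into cover_net, keeping its host bits.

    Addresses outside home_net, and strings that are not valid IPv4
    addresses, are returned unchanged.
    """
    home = ipaddress.IPv4Network(home_net)
    cover = ipaddress.IPv4Network(cover_net)
    if home.prefixlen != cover.prefixlen:
        raise ValueError("home and cover networks must be the same size")
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return addr
    if ip not in home:
        return addr
    host_bits = int(ip) & int(home.hostmask)
    return str(ipaddress.IPv4Address(int(cover.network_address) | host_bits))


def sanitize_line(line, home_net=HOME_NET, cover_net=COVER_NET):
    """Rewrite every home-network address found in one line of log text."""
    return IPV4.sub(lambda m: scramble(m.group(0), home_net, cover_net), line)


# Constructed sample lines, not real Snort output.
SAMPLE_LOG = [
    "10:02:11 ICMP echo 192.168.1.23 -> 203.0.113.9",
    "10:02:14 TCP 198.51.100.7:4431 -> 192.168.1.80:80",
    "10:02:15 TCP 192.168.1.23:1042 -> 192.168.1.80:80",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(sanitize_line(entry))
```

Because the host bits are kept, the scrambled log still shows which internal hosts talked to each other; only the real network prefix is hidden.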