From 0fdfd4cf4e3e0875f234b70ba0f9de6bf7b4ac77 Mon Sep 17 00:00:00 2001 From: Seth Falco Date: Sat, 8 Apr 2023 14:49:46 +0100 Subject: [PATCH] snort: add page (#10018) --- pages/common/snort.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 pages/common/snort.md diff --git a/pages/common/snort.md b/pages/common/snort.md new file mode 100644 index 000000000..696195a0d --- /dev/null +++ b/pages/common/snort.md @@ -0,0 +1,24 @@ +# snort + +> Open-source network intrusion detection system. +> More information: . + +- Capture packets with verbose output: + +`sudo snort -v -i {{interface}}` + +- Capture packets and dump application layer data with verbose output: + +`sudo snort -vd -i {{interface}}` + +- Capture packets and display link layer packet headers with verbose output: + +`sudo snort -ve -i {{interface}}` + +- Capture packets and save them in the specified directory: + +`sudo snort -i {{interface}} -l {{path/to/directory}}` + +- Capture packets according to rules and save offending packets along with alerts: + +`sudo snort -i {{interface}} -c {{path/to/rules.conf}} -l {{path/to/directory}}`
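Review bot: In the page header, the line `> More information: .` has no link between the colon and the period as it appears in this patch, so the page points readers nowhere. Put the project's documentation URL there, in angle brackets like the other pages. In the last example, the description says "according to rules" and the placeholder is `{{path/to/rules.conf}}`, but the file given to `-c` is normally Snort's main configuration file, which in turn loads the rules. A placeholder such as `{{path/to/snort.conf}}` would make that clearer.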