IDS/IPS MODE
Last updated
sudo snort -c /etc/snort/snort.conf -N
* -N disables logging, so no logs are created in the log folder
- can be combined with -v or -X for console output
sudo snort -c /etc/snort/snort.conf -D
* -D refers to daemon mode
- can be combined with -v or -X for console output and -l to create logs in the log folder
- daemon mode is mainly used to automate Snort. This parameter is mainly used in scripts to start the Snort service in the background. It is not recommended to use this mode unless you have a working knowledge of Snort and a stable configuration.
sudo snort -c /etc/snort/snort.conf -A console
* -A utilizes alert mode
- modes can be {console | cmg | full | fast | none}
- console: provides fast-style alerts on the console screen
- cmg: provides basic header details with the payload in hex and text format
- full: full alert mode, providing all possible information about the alert
- fast: shows the alert message, timestamp, source and destination IP along with port numbers
- none: disables alerting
sudo snort -c /etc/snort/snort.conf -A cmg
sudo snort -c /etc/snort/snort.conf -A fast
* this mode doesn't provide console output, but it does create logs
sudo snort -c /etc/snort/snort.conf -A full
* this mode doesn't provide console output, but it does create logs
sudo snort -c /etc/snort/snort.conf -A none
* this mode doesn't create an alert file. However, it still logs traffic & creates a log file in binary dump format
* there is no console output in this mode
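The fast alert layout listed above (timestamp, rule id, message, priority, protocol, addresses and ports) is what scripts and SIEM collectors usually ingest from the alert file. As an added example that is not part of these notes, a small parser for Snort 2 fast-style alert lines, run over constructed sample lines (the line layout is the standard Snort 2 one; the sample alerts and rule ids are made up):

```python
import re
from dataclasses import dataclass
from typing import Optional

# Snort 2 "fast" alert layout: timestamp [**] [gid:sid:rev] msg [**]
# [Classification: ...] (optional) [Priority: N] {PROTO} src[:port] -> dst[:port]
# IPv4 only; ICMP alerts carry no ports, so the port groups are optional.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s*"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s*)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[A-Z]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?$"
)

# Constructed sample alert file contents (not real Snort output); the third line
# is deliberately malformed to show that junk lines are skipped, not crashed on.
SAMPLE_FAST_ALERTS = """\
03/22-10:15:03.123456  [**] [1:1000001:1] CONSTRUCTED ICMP ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.1
03/22-10:15:04.654321  [**] [1:1000002:2] CONSTRUCTED HTTP probe [**] [Priority: 1] {TCP} 10.0.0.5:44321 -> 10.0.0.1:80
not an alert line
"""

@dataclass(frozen=True)
class FastAlert:
    timestamp: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: int
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]

def parse_fast_alert(line: str) -> Optional[FastAlert]:
    """Parse one fast-style alert line; return None if it does not match."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    port = lambda name: int(m.group(name)) if m.group(name) else None
    return FastAlert(m.group("ts"), int(m.group("gid")), int(m.group("sid")),
                     int(m.group("rev")), m.group("msg"), m.group("cls"),
                     int(m.group("prio")), m.group("proto"), m.group("src"),
                     port("sport"), m.group("dst"), port("dport"))

def parse_fast_log(text: str) -> list:
    """Parse a whole alert file, silently dropping lines that are not alerts."""
    return [a for a in map(parse_fast_alert, text.splitlines()) if a is not None]

def count_by_sid(alerts, max_priority: int = 2) -> dict:
    """Count alerts per SID, keeping only priority <= max_priority (1 is highest)."""
    counts: dict = {}
    for a in alerts:
        if a.priority <= max_priority:
            counts[a.sid] = counts.get(a.sid, 0) + 1
    return counts
```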
sudo snort -c /etc/snort/snort.conf -q -Q --daq afpacket -i eth0:eth1 -A {console | full}
* the Data Acquisition (DAQ) option activates Snort as an IPS and uses the afpacket module
- Snort IPS mode requires at least TWO NICs, given as an interface pair: -i eth0:eth1
* this mode can also be activated by editing the snort.conf file