-
Notifications
You must be signed in to change notification settings - Fork 29
threatstream/snort
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
Snort Version 2.9.6.2 by Martin Roesch and The Snort Team (http://www.snort.org/team.html) Distribution Site: http://www.snort.org ****************************************************************************** COPYRIGHT Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved. Copyright (C) 2001-2013 Sourcefire Inc. Copyright (C) 1998-2001 Martin Roesch This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License Version 2 as published by the Free Software Foundation. You may not use, modify or distribute this program under any other version of the GNU General Public License. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Some of this code has been taken from tcpdump, which was developed by the Network Research Group at Lawrence Berkeley National Lab, and is copyrighted by the University of California Regents. ****************************************************************************** DESCRIPTION Snort is an open source network intrusion detection and prevention system. It is capable of performing real-time traffic analysis, alerting, blocking and packet logging on IP networks. It utilizes a combination of protocol analysis and pattern matching in order to detect a anomalies, misuse and attacks. Snort uses a flexible rules language to describe activity that can be considered malicious or anomalous as well as an analysis engine that incorporates a modular plugin architecture. Snort is capable of detecting and responding in real-time, sending alerts, performing session sniping, logging packets, or dropping sessions/packets when deployed in-line. Snort has three primary functional modes. It can be used as a packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection and prevention system. Please read the snort_manual.pdf file that should be included with this distribution for full documentation on the program as well as a guide to getting started. ****************************************************************************** [*][USAGE] Command line: snort -[options] <filters> Options: The full list of options supported is displayed using the option --help. [*][FILTERS]: The "filters" are standard BPF style filters as seen in tcpdump. Look at the man page for snort for docs on how to use it properly. In general, you can give it a host, net or protocol to filter on and some logical statements to tie it together and get the specific traffic you're interested in. For example: [zeus ~]# ./snort -h 192.168.1.0/24 -d -v host 192.168.1.1 records the traffic to and from host 192.168.1.1. [zeus ~]# ./snort -h 192.168.1.0/24 -d -v net 192.168.1 and not host 192.168.1.1 records all traffic on the 192.168.1.0/24 class C subnet, but not traffic to/from 192.168.1.1. Notice that the command line data specified after the "-h" switch is formated differently from the BPF commands provided at the end of the command line. Sorry for the confusion, but I like the CIDR notation and I'm not rewriting libpcap to make it consistent! Anyway, you get the picture. Mail me if you have trouble with it. You can use the -F switch to read your BPF filters in from a file. [*][RULES]: ------------------------------------------------------------------------- NOTE: The "official" rules document these days is available at: http://www.snort.org/docs/writing_rules/ and is also usually distributed as snort_manual.pdf in the distro. If you don't have this file in your distribution of Snort, you can get it from www.snort.org. ------------------------------------------------------------------------- Please read the USAGE file or the snort_manual.pdf for more info! ****************************************************************************** /* $Id$ */
About
Snort
Resources
License
Unknown, Unknown licenses found
Licenses found
Unknown
LICENSE
Unknown
COPYING
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published