Snort 使用手册,第 2 部分: 配置
2010-01-25 00:00:00 来源:WEB开发网在上一篇文章中,我们简单了解了 Snort 的三个功能,并查看了一些包。例如,运行 snort -v 获得如清单 1 所示的输出。
清单 1. 使用 Snort 嗅探
[bdm0509:~] sudo snort -v
Password:
Running in packet dump mode
--== Initializing Snort ==--
Initializing Output Plugins!
Verifying Preprocessor Configurations!
***
*** interface device lookup found: en0
***
Initializing Network Interface en0
Decoding Ethernet on interface en0
--== Initialization Complete ==--
,,_ -*> Snort! <*-
o" )~ Version 2.8.0.2 (Build 75)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2007 Sourcefire Inc., et al.
Using PCRE version: 7.6 2008-01-28
Not Using PCAP_FRAMES
03/31-08:55:12.179192 192.168.1.102:64862 -> 239.255.255.253:427
UDP TTL:1 TOS:0x0 ID:10292 IpLen:20 DgmLen:64
Len: 36
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/31-08:55:12.179498 192.168.1.102:64863 -> 239.255.255.253:427
UDP TTL:1 TOS:0x0 ID:10293 IpLen:20 DgmLen:64
Len: 36
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/31-08:55:12.180121 192.168.1.102:64864 -> 239.255.255.253:427
UDP TTL:1 TOS:0x0 ID:10294 IpLen:20 DgmLen:64
Len: 36
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/31-08:55:12.180278 192.168.1.102:64865 -> 239.255.255.253:427
UDP TTL:1 TOS:0x0 ID:10295 IpLen:20 DgmLen:64
Len: 36
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/31-08:55:12.247880 192.168.1.102:64866 -> 192.168.1.255:137
UDP TTL:64 TOS:0x0 ID:10296 IpLen:20 DgmLen:78
Len: 50
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/31-08:55:12.248297 192.168.1.103:137 -> 192.168.1.102:64866
UDP TTL:64 TOS:0x0 ID:8075 IpLen:20 DgmLen:90
Len: 62
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/31-08:55:12.599248 192.168.1.102:55381 -> 192.168.1.101:139
TCP TTL:64 TOS:0x0 ID:10297 IpLen:20 DgmLen:64 DF
******S* Seq: 0x42127B5E Ack: 0x0 Win: 0xFFFF TcpLen: 44
TCP Options (8) => MSS: 1460 NOP WS: 0 NOP NOP TS: 1428368232 0
TCP Options => SackOK EOL
...
LOTS more output here
...
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/31-08:55:21.976018 0.0.0.0:68 -> 255.255.255.255:67
UDP TTL:64 TOS:0x0 ID:48134 IpLen:20 DgmLen:328
Len: 300
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/31-08:55:21.976800 ARP who-has 192.168.1.104 tell 192.168.1.1
03/31-08:55:22.968515 192.168.1.1:67 -> 255.255.255.255:68
UDP TTL:150 TOS:0x0 ID:6040 IpLen:20 DgmLen:576
Len: 548
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/31-08:55:22.977578 ARP who-has 192.168.1.104 tell 192.168.1.104
^C*** Caught Int-Signal
Run time prior to being shutdown was 14.231224 seconds
===============================================================================
Packet Wire Totals:
Received: 78
Analyzed: 78 (100.000%)
Dropped: 0 (0.000%)
Outstanding: 0 (0.000%)
===============================================================================
Breakdown by protocol (includes rebuilt packets):
ETH: 78 (100.000%)
ETHdisc: 0 (0.000%)
VLAN: 0 (0.000%)
IPV6: 0 (0.000%)
IP6 EXT: 0 (0.000%)
IP6opts: 0 (0.000%)
IP6disc: 0 (0.000%)
IP4: 71 (91.026%)
IP4disc: 0 (0.000%)
TCP 6: 0 (0.000%)
UDP 6: 0 (0.000%)
ICMP6: 0 (0.000%)
ICMP-IP: 0 (0.000%)
TCP: 57 (73.077%)
UDP: 14 (17.949%)
ICMP: 0 (0.000%)
TCPdisc: 0 (0.000%)
UDPdisc: 0 (0.000%)
ICMPdis: 0 (0.000%)
FRAG: 0 (0.000%)
FRAG 6: 0 (0.000%)
ARP: 3 (3.846%)
EAPOL: 0 (0.000%)
ETHLOOP: 0 (0.000%)
IPX: 0 (0.000%)
OTHER: 4 (5.128%)
DISCARD: 0 (0.000%)
InvChkSum: 0 (0.000%)
Upconvt: 0 (0.000%)
Up fail: 0 (0.000%)
S5 G 1: 0 (0.000%)
S5 G 2: 0 (0.000%)
Total: 78
===============================================================================
Action Stats:
ALERTS: 0
LOGGED: 0
PASSED: 0
===============================================================================
Snort exiting
中查找“Snort 使用手册,第 2 部分: 配置”更多相关内容
中查找“Snort 使用手册,第 2 部分: 配置”更多相关内容更多精彩
赞助商链接
