Stefan Friese 2022-09-26 19:35:29 +02:00
parent 8d7e90ebca
commit 213be0b541
1 changed files with 11 additions and 3 deletions

@ -1,6 +1,12 @@
# Snort
Comprised of __packet decoder__, __pre processor__, __detection engine__, __logging and alerting__, __output and plugins__
Snort is comprised of multiple modules to process network packets.
* __packet decoder__
* __pre processor__
* __detection engine__
* __logging and alerting__
* __output and plugins__
## Data Aquisition Modules
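Review bot: The added list spells the second stage `pre processor`, while Snort's configuration keyword and documentation use the single word `preprocessor`; spelling it that way lets readers search for it. If the five modules are meant to be read as the order a packet passes through them, a numbered list would say so more clearly than bullets, and "is comprised of" reads better as "consists of". The context heading `## Data Aquisition Modules` directly below the list is misspelled ("Acquisition") and could be corrected in the same commit.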
@ -21,7 +27,7 @@ snort -c <config> -T
### Sniffing
| Parameter | Description |
+-----------+-------------+
|-----------|-------------|
| -v | Verbose. Display the TCP/IP output in the console.|
| -d | Display the packet data (payload).|
| -e | Display the link-layer (TCP/IP/UDP/ICMP) headers. |
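Review bot: In the `-e` row the description lists TCP/IP/UDP/ICMP as link-layer headers, but those are network and transport layer protocols; `-e` shows the link-layer (for example Ethernet) headers. Since this hunk already touches the table to fix the separator row, correct that cell as well, e.g. `| -e | Display the link-layer (Ethernet) headers. |`.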
@ -80,7 +86,9 @@ snort -c /etc/snort/rules/local.rules -A full
* IDS -> `alert`
* IPS -> `reject`
`<action> <protocol> <ip.src> <src.port> <> <ip.dst> <dst.port>(msg: "<msg>; <reference>; <ruleID>;<revision info>`
```sh
<action> <protocol> <ip.src> <src.port> <> <ip.dst> <dst.port>(msg: "<msg>; <reference>; <ruleID>;<revision info>
```
* Actions
* `alert`
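Review bot: The rule template moved into the fence still has an unclosed `"` after `msg:` and no closing `)`, so it does not show where the option list ends. Each option is also a `keyword:value;` pair, which the placeholders hide; something like `(msg:"<msg>"; reference:<reference>; sid:<ruleID>; rev:<revision>;)` would match what the page describes. The literal `<>` between the address pairs is easy to mistake for an empty placeholder, so consider writing `<direction>` and noting that it is `->` or `<>`. The fence is tagged `sh`, but this is Snort rule syntax rather than shell, so an untagged fence would avoid misleading highlighting.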