Linux Today: Linux News On Internet Time.

LinuxWorld.com: Protecting your network with Snort

Nov 01, 2001, 12:57
(Other stories by Joshua Drake)
"The following article does not cover Snort in great detail. Snort is a large program in terms of its available options, and would take several articles to cover comprehensively. Instead, here is a brief overview of the program, and some of its options.

After a quick review of the above alert log excerpt, I was able to determine easily that Snort did indeed pick up my port scan from nmap. This is an excellent first step in noticing intrusion to the system.

After further review, I found that if you run Snort without any options, you are running in Packet Logger Mode. The packet logger mode will log all of the packet information to the log directory, and unless you enjoy reading lots of TCP/IP packet information, I don't suggest this option. Also, if you would like to see a summary of traffic on the network in real time, you can use the -v option. The -v option will print all TCP/IP headers to the screen."
