Member "snort-2.9.17/doc/README" (16 Oct 2020, 4302 Bytes) of package /linux/misc/snort-2.9.17.tar.gz:

Snort Version 2.9.17

by Martin Roesch and The Snort Team (http://www.snort.org/contact#team)

Distribution Site:
http://www.snort.org

******************************************************************************
COPYRIGHT

Copyright (C) 2014-2020 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 2001-2013 Sourcefire Inc.
Copyright (C) 1998-2001 Martin Roesch

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License Version 2 as
published by the Free Software Foundation.  You may not use, modify or
distribute this program under any other version of the GNU General
Public License.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

Some of this code has been taken from tcpdump, which was developed
by the Network Research Group at Lawrence Berkeley National Lab,
and is copyrighted by the University of California Regents.

******************************************************************************

DESCRIPTION

Snort is an open source network intrusion detection and prevention system.  It
is capable of performing real-time traffic analysis, alerting, blocking and
packet logging on IP networks.  It utilizes a combination of protocol analysis
and pattern matching in order to detect anomalies, misuse and attacks.
Snort uses a flexible rules language to describe activity that can be considered
malicious or anomalous as well as an analysis engine that incorporates a
modular plugin architecture.  Snort is capable of detecting and responding in
real-time, sending alerts, performing session sniping, logging packets, or
dropping sessions/packets when deployed in-line.

Snort has three primary functional modes.  It can be used as a packet sniffer
like tcpdump(1), a packet logger (useful for network traffic
debugging, etc.), or as a full-blown network intrusion detection and prevention
system.

Please read the snort_manual.pdf file that should be included with this
distribution for full documentation on the program as well as a guide to
getting started.


******************************************************************************

[*][USAGE]

Command line:

	snort -[options] <filters>

Options:
    The full list of options supported is displayed using the option --help.

[*][FILTERS]:

     The "filters" are standard BPF style filters as seen in tcpdump.  Look
at the man page for snort for docs on how to use it properly.  In general,
you can give it a host, net or protocol to filter on and some logical statements
to tie it together and get the specific traffic you're interested in.  For
example:

[zeus ~]# ./snort -h 192.168.1.0/24 -d -v host 192.168.1.1

records the traffic to and from host 192.168.1.1.

[zeus ~]# ./snort -h 192.168.1.0/24 -d -v net 192.168.1 and not host 192.168.1.1

records all traffic on the 192.168.1.0/24 class C subnet, but not traffic
to/from 192.168.1.1.  Notice that the command line data specified after the
"-h" switch is formatted differently from the BPF commands provided at the end
of the command line.  Sorry for the confusion, but I like the CIDR notation and
I'm not rewriting libpcap to make it consistent!  Anyway, you get the picture.
Mail me if you have trouble with it.

You can use the -F switch to read your BPF filters in from a file.
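The two notations above trip people up: "-h" takes a CIDR home net, while the trailing BPF filter uses tcpdump syntax, where "net 192.168.1" is shorthand for 192.168.1.0/24 and "host X" matches packets to or from X. The following is an added example, not code from the Snort README or from the Snort project: a small Python model that translates a CIDR home net into the equivalent BPF "net" primitive and evaluates host/net filters with and/or/not against constructed packets, so the two example command lines can be checked without libpcap. The packet list, the function names and the left-to-right operator handling (real BPF gives "and" precedence over "or") are all assumptions of this example.

```python
"""Toy model of Snort's two address notations (added example, not Snort code).

-h takes CIDR (192.168.1.0/24); the trailing filter is tcpdump BPF syntax.
Only the "host" and "net" primitives with and / or / not are modelled, and
operators are applied left to right, which is a simplification of real BPF.
"""
import ipaddress


def cidr_to_bpf(cidr):
    """Translate a -h style CIDR home net into the equivalent BPF 'net' primitive."""
    net = ipaddress.ip_network(cidr, strict=False)
    return f"net {net.network_address}/{net.prefixlen}"


def _net_from_bpf(token):
    """tcpdump accepts 'net 192.168.1' as shorthand for 192.168.1.0/24."""
    if "/" in token:
        return ipaddress.ip_network(token, strict=False)
    parts = token.split(".")
    prefix = 8 * len(parts)            # one octet given -> /8, two -> /16, ...
    parts += ["0"] * (4 - len(parts))  # pad the missing octets with zeros
    return ipaddress.ip_network(".".join(parts) + f"/{prefix}")


def parse_filter(expr):
    """Build a predicate over (src, dst) address pairs from a BPF-like string.

    grammar: expr := term (('and' | 'or') term)* ; term := 'not' term | prim
    """
    tokens = expr.split()
    pos = 0

    def prim():
        nonlocal pos
        kw, arg = tokens[pos], tokens[pos + 1]
        pos += 2
        if kw == "host":   # matches traffic to OR from the address
            addr = ipaddress.ip_address(arg)
            return lambda p: p[0] == addr or p[1] == addr
        if kw == "net":    # matches if either endpoint lies in the network
            n = _net_from_bpf(arg)
            return lambda p: p[0] in n or p[1] in n
        raise ValueError(f"unsupported primitive {kw!r}")

    def term():
        nonlocal pos
        if tokens[pos] == "not":
            pos += 1
            inner = term()
            return lambda p: not inner(p)
        return prim()

    def expression():
        nonlocal pos
        f = term()
        while pos < len(tokens):
            op = tokens[pos]
            pos += 1
            g = term()
            if op == "and":
                f = (lambda a, b: lambda p: a(p) and b(p))(f, g)
            elif op == "or":
                f = (lambda a, b: lambda p: a(p) or b(p))(f, g)
            else:
                raise ValueError(f"unsupported operator {op!r}")
        return f

    return expression()


def apply_filter(expr, packets):
    """Return the (src, dst) pairs from packets that the filter would capture."""
    pred = parse_filter(expr)
    return [(s, d) for s, d in packets
            if pred((ipaddress.ip_address(s), ipaddress.ip_address(d)))]


# Constructed sample traffic for the demonstration: (src, dst) pairs.
SAMPLE_PACKETS = [
    ("192.168.1.1", "192.168.1.50"),
    ("192.168.1.50", "192.168.1.1"),
    ("192.168.1.50", "192.168.1.60"),
    ("10.0.0.5", "192.168.1.70"),
    ("10.0.0.5", "8.8.8.8"),
]

if __name__ == "__main__":
    print(cidr_to_bpf("192.168.1.0/24"))
    for expr in ("host 192.168.1.1",
                 "net 192.168.1 and not host 192.168.1.1"):
        print(expr, "->", apply_filter(expr, SAMPLE_PACKETS))
```

Running it shows that "host 192.168.1.1" keeps only the two packets touching that address in either direction, and "net 192.168.1 and not host 192.168.1.1" keeps the remaining subnet traffic and drops everything to or from 192.168.1.1, which is exactly what the two command lines above describe.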


[*][RULES]:

-------------------------------------------------------------------------
NOTE: The "official" rules document these days is available at:

http://www.snort.org/docs/writing_rules/

and is also usually distributed as snort_manual.pdf in the distro.  If
you don't have this file in your distribution of Snort, you can get it from
www.snort.org.
-------------------------------------------------------------------------

Please read the USAGE file or the snort_manual.pdf for more info!

******************************************************************************
/* $Id$ */