README.GTP Inserting the READMEs Feb 8, 2014
README.PLUGINS Inserting the READMEs Feb 8, 2014
README.PerfProfiling Inserting the READMEs Feb 8, 2014
README.SMTP Inserting the READMEs Feb 8, 2014
README.UNSOCK Inserting the READMEs Feb 8, 2014
README.WIN32 Inserting the READMEs Feb 8, 2014
README.active Updated "Readme"s Oct 23, 2014
README.alert_order Inserting the READMEs Feb 8, 2014
README.appid Updated "Readme"s Oct 23, 2014
README.asn1 Inserting the READMEs Feb 8, 2014
README.counts Inserting the READMEs Feb 8, 2014
README.csv Inserting the READMEs Feb 8, 2014
README.daq Inserting the READMEs Feb 8, 2014
README.dcerpc2 Inserting the READMEs Feb 8, 2014
README.decode Inserting the READMEs Feb 8, 2014
README.decoder_preproc_rules Inserting the READMEs Feb 8, 2014
README.dnp3 Inserting the READMEs Feb 8, 2014
README.dns Inserting the READMEs Feb 8, 2014
README.event_queue Inserting the READMEs Feb 8, 2014
README.file Inserting the READMEs Feb 8, 2014
README.file_ips Updated "Readme"s Oct 23, 2014
README.filters Inserting the READMEs Feb 8, 2014
README.flowbits Inserting the READMEs Feb 8, 2014
README.frag3 Inserting the READMEs Feb 8, 2014
README.ftptelnet Inserting the READMEs Feb 8, 2014
README.gre Inserting the READMEs Feb 8, 2014
README.ha Inserting the READMEs Feb 8, 2014
README.http_inspect Maybe the final cleanup? Jul 3, 2017
README.imap Inserting the READMEs Feb 8, 2014
README.ipip Inserting the READMEs Feb 8, 2014
README.ipv6 Inserting the READMEs Feb 8, 2014
README.md More formatting updates. Feb 8, 2014
README.modbus Inserting the READMEs Feb 8, 2014
README.multipleconfigs Inserting the READMEs Feb 8, 2014
README.normalize Updated "Readme"s Oct 23, 2014
README.pcap_readmode Inserting the READMEs Feb 8, 2014
README.pop Inserting the READMEs Feb 8, 2014
README.ppm Inserting the READMEs Feb 8, 2014
README.reload Inserting the READMEs Feb 8, 2014
README.reputation Inserting the READMEs Feb 8, 2014
README.rzb_saac Inserting the READMEs Feb 8, 2014
README.sensitive_data Inserting the READMEs Feb 8, 2014
README.sfportscan Inserting the READMEs Feb 8, 2014
README.sip Inserting the READMEs Feb 8, 2014
README.ssh Inserting the READMEs Feb 8, 2014
README.ssl Updated "Readme"s Oct 23, 2014
README.stream5 Updated "Readme"s Oct 23, 2014
README.tag Inserting the READMEs Feb 8, 2014
README.thresholding Inserting the READMEs Feb 8, 2014
README.unified2 Inserting the READMEs Feb 8, 2014
README.variables Inserting the READMEs Feb 8, 2014

README.md

Snort Version 2.9.6.0

by Martin Roesch and The Snort Team http://www.snort.org/snort/snort-team/

Distribution Site: http://www.snort.org


COPYRIGHT

Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved.

Copyright (C) 2001-2013 Sourcefire Inc.

Copyright (C) 1998-2001 Martin Roesch

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License Version 2 as published by the Free Software Foundation. You may not use, modify or distribute this program under any other version of the GNU General Public License.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Some of this code has been taken from tcpdump, which was developed by the Network Research Group at Lawrence Berkeley National Lab, and is copyrighted by the University of California Regents.


DESCRIPTION

Snort is an open source network intrusion detection and prevention system. It is capable of performing real-time traffic analysis, alerting, blocking and packet logging on IP networks. It utilizes a combination of protocol analysis and pattern matching in order to detect anomalies, misuse and attacks.
Snort uses a flexible rules language to describe activity that can be considered malicious or anomalous as well as an analysis engine that incorporates a modular plugin architecture. Snort is capable of detecting and responding in real-time, sending alerts, performing session sniping, logging packets, or dropping sessions/packets when deployed in-line.

Snort has three primary functional modes. It can be used as a packet sniffer like tcpdump(1), a packet logger (useful for network traffic debugging, etc), or as a full blown network intrusion detection and prevention system.

Please read the snort manual file that should be included with this distribution for full documentation on the program as well as a guide to getting started.


** USAGE

Command line:

`snort -[options] <filters>`

Options: The full list of options supported is displayed using the option --help.

** FILTERS:

The "filters" are standard BPF style filters as seen in tcpdump. Look at the man page for snort for docs on how to use it properly. In general, you can give it a host, net or protocol to filter on and some logical statements to tie it together and get the specific traffic you're interested in. For example:

`[zeus ~]# ./snort -h 192.168.1.0/24 -d -v host 192.168.1.1`

records the traffic to and from host 192.168.1.1.

`[zeus ~]# ./snort -h 192.168.1.0/24 -d -v net 192.168.1 and not host 192.168.1.1`

records all traffic on the 192.168.1.0/24 class C subnet, but not traffic to/from 192.168.1.1. Notice that the command line data specified after the "-h" switch is formatted differently from the BPF commands provided at the end of the command line. Sorry for the confusion, but I like the CIDR notation and I'm not rewriting libpcap to make it consistent! Anyway, you get the picture. Mail me if you have trouble with it.

You can use the -F switch to read your BPF filters in from a file.
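The two differently formatted pieces of the command line above (CIDR after `-h`, tcpdump-style BPF at the end) are easy to get out of step when a home network and its exclusions are maintained by hand. The following helper, added here as an illustration and not part of Snort itself, derives both from one CIDR definition with the standard `ipaddress` module; the function names `build_snort_filter` and `snort_argv` and the sample addresses are assumptions of this example. It uses the `net a.b.c.d/len` form, which libpcap accepts and which is equivalent to the README's `net 192.168.1` shorthand for a /24.

```python
import ipaddress


def build_snort_filter(home_net, exclude_hosts=()):
    """Return (home_net_cidr, bpf_expression) for a Snort command line.

    home_net      : network for the -h switch, CIDR notation ("192.168.1.0/24")
    exclude_hosts : addresses whose traffic the BPF filter should leave out

    Hypothetical helper (not Snort's own code): keeps the CIDR argument and
    the tcpdump-style BPF filter consistent by deriving both from one value.
    """
    net = ipaddress.ip_network(home_net, strict=False)

    excluded = []
    for host in exclude_hosts:
        addr = ipaddress.ip_address(host)
        # An exclusion outside the monitored net is almost certainly a typo.
        if addr not in net:
            raise ValueError(f"{addr} is not inside {net.with_prefixlen}")
        excluded.append(addr)

    # libpcap understands "net a.b.c.d/len", so the CIDR form is reused here.
    clauses = [f"net {net.with_prefixlen}"]
    clauses.extend(f"not host {addr}" for addr in excluded)
    return net.with_prefixlen, " and ".join(clauses)


def snort_argv(home_net, exclude_hosts=(), snort="./snort"):
    """Build an argument vector mirroring the README command line.

    The BPF filter is split into separate tokens, as it would be when typed
    after the options; passing a list avoids any shell quoting issues.
    """
    home, bpf = build_snort_filter(home_net, exclude_hosts)
    return [snort, "-h", home, "-d", "-v"] + bpf.split()


if __name__ == "__main__":
    # Constructed sample matching the README's second example.
    print(" ".join(snort_argv("192.168.1.0/24", ["192.168.1.1"])))
```

The returned BPF expression can equally be written to a file and handed to Snort with the `-F` switch mentioned above, which keeps long exclusion lists out of the command line.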

** RULES:


NOTE: The "official" rules document these days is available in the snort_manual.pdf in the distro. If you don't have this file in your distribution of Snort, you can get it from here.

Please read the USAGE file or the snort_manual.pdf for more info!