Difference between revisions of "SNORT: sniffer mode"

From OnnoWiki
Line 1: Line 1:
 
Sumber: http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node4.html
 
Sumber: http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node4.html
  
  ./snort -v
+
  snort -v
  
 +
snort -vd
 +
 +
snort -vde
 +
 +
 +
First, let's start with the basics. If you just want to print out the TCP/IP packet headers to the screen (i.e. sniffer mode), try this:
 +
 +
    ./snort -v
 +
 +
This command will run Snort and just show the IP and TCP/UDP/ICMP headers, nothing else. If you want to see the application data in transit, try the following:
 +
 +
    ./snort -vd
 +
 +
This instructs Snort to display the packet data as well as the headers. If you want an even more descriptive display, showing the data link layer headers, do this:
 +
 +
    ./snort -vde
 +
 +
As an aside, notice that the command line switches can be listed separately or in a combined form. The last command could also be typed out as:
 +
 +
    ./snort -d -v -e
 +
 +
to produce the same result.
  
  
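Review bot: The invocation form is inconsistent within the added text: the summary lines at the top use `snort -v`, `snort -vd` and `snort -vde`, while the manual excerpt below them uses `./snort -v`, `./snort -vd` and `./snort -vde`. Pick one form, or add a sentence saying that `./snort` assumes the binary is in the current directory and plain `snort` assumes it is on the PATH. The three summary commands also have no label, so a one-line description of what each switch adds (headers, application data, data link layer headers) would make them usable without reading the paragraphs that follow.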

Revision as of 09:56, 15 March 2017

Source: http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node4.html

   snort -v
   snort -vd
   snort -vde


First, let's start with the basics. If you just want to print out the TCP/IP packet headers to the screen (i.e. sniffer mode), try this:

   ./snort -v

This command will run Snort and just show the IP and TCP/UDP/ICMP headers, nothing else. If you want to see the application data in transit, try the following:

   ./snort -vd

This instructs Snort to display the packet data as well as the headers. If you want an even more descriptive display, showing the data link layer headers, do this:

   ./snort -vde

As an aside, notice that the command line switches can be listed separately or in a combined form. The last command could also be typed out as:

   ./snort -d -v -e

to produce the same result.
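
The following added example (not part of the Snort manual or of Snort itself) models which part of a captured frame each switch exposes, and shows that combined and separate switches select the same set. The frame is constructed sample data, and the output format and the names `build_frame`, `parse_switches` and `render` are assumptions made for illustration, not Snort's own.

```python
import socket
import struct

def build_frame():
    """Constructed sample: Ethernet + IPv4 + TCP + payload b'hello' (checksums left 0)."""
    eth = bytes.fromhex("020000000002020000000001") + struct.pack("!H", 0x0800)
    payload = b"hello"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.1"), socket.inet_aton("192.0.2.2"))
    return eth + ip + tcp + payload

def parse_switches(argv):
    """Collect switch letters, whether combined (-vde) or separate (-d -v -e)."""
    return {ch for arg in argv if arg.startswith("-") for ch in arg[1:]}

def render(frame, switches):
    """Return the display lines for one frame under the given switches (model only)."""
    if len(frame) < 14 + 20:
        return ["truncated frame"]
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        return ["non-IPv4 frame type:0x%04x" % ethertype]
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    src_ip, dst_ip = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    is_tcp = proto == 6 and len(ip) >= ihl + 20
    lines = []
    if "e" in switches:                           # -e: data link layer header
        lines.append("link: %s -> %s type:0x%04x" % (src.hex(":"), dst.hex(":"), ethertype))
    if "v" in switches:                           # -v: IP and transport headers
        if is_tcp:
            sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
            lines.append("ip/tcp: %s:%d -> %s:%d" % (src_ip, sport, dst_ip, dport))
        else:
            lines.append("ip: %s -> %s proto:%d" % (src_ip, dst_ip, proto))
    if "d" in switches and is_tcp:                # -d: application data
        start = ihl + (ip[ihl + 12] >> 4) * 4     # skip the TCP header (data offset)
        data = ip[start:total_len]
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in data)
        lines.append("data: %s |%s|" % (data.hex(" "), text))
    return lines

if __name__ == "__main__":
    for argv in (["-v"], ["-vd"], ["-vde"], ["-d", "-v", "-e"]):
        print(" ".join(argv), "->", render(build_frame(), parse_switches(argv)))
```

The `-d` line is where unencrypted application content, including any cleartext credentials in the traffic, becomes visible on the screen.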


References