Difference between revisions of "SNORT: sniffer mode"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| Line 1: | Line 1: | ||
Sumber: http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node4.html | Sumber: http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node4.html | ||
| − | + | snort -v | |
| + | snort -vd | ||
| + | |||
| + | snort -vde | ||
| + | |||
| + | |||
| + | First, let's start with the basics. If you just want to print out the TCP/IP packet headers to the screen (i.e. sniffer mode), try this: | ||
| + | |||
| + | ./snort -v | ||
| + | |||
| + | This command will run Snort and just show the IP and TCP/UDP/ICMP headers, nothing else. If you want to see the application data in transit, try the following: | ||
| + | |||
| + | ./snort -vd | ||
| + | |||
| + | This instructs Snort to display the packet data as well as the headers. If you want an even more descriptive display, showing the data link layer headers, do this: | ||
| + | |||
| + | ./snort -vde | ||
| + | |||
| + | As an aside, notice that the command line switches can be listed separately or in a combined form. The last command could also be typed out as: | ||
| + | |||
| + | ./snort -d -v -e | ||
| + | |||
| + | to produce the same result. | ||
Revision as of 09:56, 15 March 2017
Sumber: http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node4.html
snort -v
snort -vd
snort -vde
First, let's start with the basics. If you just want to print out the TCP/IP packet headers to the screen (i.e. sniffer mode), try this:
./snort -v
This command will run Snort and just show the IP and TCP/UDP/ICMP headers, nothing else. If you want to see the application data in transit, try the following:
./snort -vd
This instructs Snort to display the packet data as well as the headers. If you want an even more descriptive display, showing the data link layer headers, do this:
./snort -vde
As an aside, notice that the command line switches can be listed separately or in a combined form. The last command could also be typed out as:
./snort -d -v -e
to produce the same result.