Snort IDS tips for VARs a

Installing Snort: Sniffer mode

Snort can operate in four modes, but we will concentrate on three and mention the fourth. First, we create a directory for our tests, and then we tell Snort to watch the loopback interface for traffic. In this mode (activated by -v) Snort is a simple network traffic sniffer.

In a separate terminal we send a single ICMP echo to the loopback address.

freebsd61-generic:/root# ping -c 1 127.0.0.1

Snort reports the following, and we interrupt capture with ctrl-C.

Sniffer mode is the simplest Snort mode, and it is best used to quickly ensure you can capture the traffic you expect to see on a given interface.

    Requires Free Membership to View


Snort: Fundamentals and installation tips for the channel

 Introduction
 Installation
 Sniffer mode
 Packet logger mode
 Intrusion detection mode
 Conclusion

About the author
Richard Bejtlich is founder of TaoSecurity, author of several books on network security monitoring, including Extrusion Detection: Security Monitoring for Internal Intrusions, and operator of the TaoSecurity blog (taosecurity.blogspot.com).


This was first published in December 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: