Something related to snort (1)

I am studying snort recently. I will record it here to avoid this damn brain. I always forget about it!

First, it is a brief introduction to snort.

Snort is an intrusion detection tool released by Alibaba CloudSource codeYou canCodeFor further development, Snort is an open-source network intrusion monitoring system. Its main function is to record and analyze data streams in an IP network in real time. Through protocol analysis and packet content search and matching, it can be used to monitor many attacks and scans, such as buffer overflow, Hidden Port Scanning, CGI attacks, SMB detection, and operating system identification detection. In addition to Real-Time alarms, the Snort Alarm Mechanism also includes sending logs to syslogs, Writing user-specified files, writing a UNIX socket, or sending winpopup messages through smbclient.

The latest stable release also includes the status detection and TCP stream reorganization modules, high-performance IP partition modules, and unified binary output modules. The host that triggers the event will be tracked and recorded, the Snort rule identification number and new printed output Code make the output easier. The classification and priority are also added to the rule language to detect ARP spoofing, the new Telnet standardization plug-in can defend against many Telnet and FTP attacks, while the other RPC standardization plug-in can defend against RPC sharding attacks.

After installing snort, run the following command in the command line: