Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
17 Cards in this Set
- Front
- Back
|
SNORT MODES
|
SNIFFER, PACKET LOGGER, NETWORK INTRUSION DETECTION SYSTEM (NIDS)
|
|
|
SNIFFER MODE DEFINITION
|
SIMPLY READS PACKETS OFF NETWORK AND DISPLAYS IN CONTINUOUS STREAM ON CONSOLE
|
|
|
PACKET LOGGER DEFINITION
|
LOGS PACKETS TO DISK
|
|
|
NETWORK INTRUSTION DETECTION SYSTEM NIDS DEFINITION
|
MOST COMPLEX AND CONFIGURABLE. ALLOWS SNORT TO ANALYZE TRAFFIC FOR MATCHES AGAINST USER DEFINED RULE SET AND PERFORMS SEVERAL ACTIONS BASED UPON WHAT IT SEES
|
|
|
WHAT DOES ./SNORT -V DO?
|
PRINTS OUT TCP/IP HEADERS TO SCREEN. WILL RUN SNORT AND SHOW IP AND TCP/UDP/ICMP HEADERS ONLY.
|
|
|
./SNORT -VD
WHAT DOES IT DO? |
SHOWS IP, TCP/UDP/ICMP HEADERS AND APPLICATION DATA.
|
|
|
./snort -vde
WHAT DOES IT DO? |
IT SHOWS EVEN MORE DESCRIPIVE DISPLAY THAN ./SNORT -VD... WILL SHOW DATA LINK HEADER.
|
|
|
DO SNORT SWITCHES HAVE TO BE SMASHED TOGETHER OR CAN BE SEPARATED?
|
SEPARATED OR SMASHED TOGETHER.
|
|
|
WHAT DOES ./SNORT -DEV -L ./LOG DO?
|
DETAILED MODE OF COLLECTION, -L=LOG MODE, ./LOG IS THE DIRECTORY
|
|
|
WHAT DOES -H 192.168.1.0/24 DO?
|
SPECIFIES THE HOME NETWORK IN A SNORT COMMAND
|
|
|
WHAT IS THE SWITCH TO LOG IN BINARY MODE?
|
-B
|
|
|
WHY WOULD YOU WANT TO LOG IN BINARY MODE?
|
IT IS MORE EFFICIENT
|
|
|
WHAT DOES THE COMAND ./SNORT -L ./LOG -B DO?
|
RUN SNORT IN LOG MODE TO DIRECTORY ./LOG IN BINARY MODE
|
|
|
DOES BINARY MODE LOG EVERYTHING IN A DIRECTORY STRUCTURE OR ALL IN ONE FILE?
|
ONE FILE
|
|
|
HOW DOES BINARY MODE STORE THE INFORMATION?
|
DIRECTORY STRUCTURE, NOT ONE FILE.
|
|
|
DO YOU HAVE TO USE THE -DEV SWITCHES WHEN LOGGING IN BINARY MODE?
|
NO. THE ENTIRE PACKET IS LOGGED
|
|
|
HOW TO RUN SNORT IN PLAYBACK MODE
|
-r
|
