Posted by zwlww on 03-01-2003 23:57:
snort
1. What is the default install location of snort-lib?
2. I don't understand the problem below:
[root@RedHalt root]# snort -vn 3
Initializing Output Plugins!
Log directory = /var/log/snort
Initializing Network Interface eth0
--== Initializing Snort ==--
Decoding Ethernet on interface eth0
--== Initialization Complete ==--
-> Snort! <-
Version 1.9.0 (Build 209)
By Martin Roesch ([email protected], www.snort.org )
03/02-09:58:45.136896 192.168.0.6:1082 -> 211.49.58.179:12000
TCP TTL:128 TOS:0x0 ID:22136 IpLen:20 DgmLen:53 DF
AP Seq: 0x573B34 Ack: 0xA90DCDB Win: 0x2211 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/02-09:58:45.138770 61.183.29.47:27015 -> 192.168.0.12:27005
UDP TTL:126 TOS:0x0 ID:59113 IpLen:20 DgmLen:205
Len: 185
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/02-09:58:45.147043 192.168.0.14:1030 -> 61.184.66.76:7200
TCP TTL:64 TOS:0x0 ID:9484 IpLen:20 DgmLen:59
AP Seq: 0x1BD6E Ack: 0xDEC6E972 Win: 0x20A5 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Run time for packet processing was 0.27770 seconds
===============================================================================
Snort analyzed 3 out of 3 packets, dropping 0(0.000%) packets
Breakdown by protocol: Action Stats:
TCP: 2 (66.667%) ALERTS: 0
UDP: 1 (33.333%) LOGGED: 0
ICMP: 0 (0.000%) PASSED: 0
ARP: 0 (0.000%)
EAPOL: 0 (0.000%)
IPv6: 0 (0.000%)
IPX: 0 (0.000%)
OTHER: 0 (0.000%)
DISCARD: 0 (0.000%)
===============================================================================
Wireless Stats:
Breakdown by type:
Management Packets: 0 (0.000%)
Control Packets: 0 (0.000%)
Data Packets: 0 (0.000%)
===============================================================================
Fragmentation Stats:
Fragmented IP Packets: 0 (0.000%)
Fragment Trackers: 0
Rebuilt IP Packets: 0
Frag elements used: 0
Discarded(incomplete): 0
Discarded(timeout): 0
Frag2 memory faults: 0
===============================================================================
TCP Stream Reassembly Stats:
TCP Packets Used: 0 (0.000%)