Snort Chinese Manual
Snort system composition: Snort consists of three main subsystems: the packet decoder, the detection engine, and the logging and alerting system. Snort has three working modes: sniffer, packet logger, and network intrusion detection system (NIDS). Sniffer mode simply reads packets from the network and prints them to the terminal as a continuous stream. Packet logger mode writes the packets to disk. Network intrusion detection mode is the most complex and the most configurable: Snort analyzes the network traffic, matches it against user-defined rules, and takes the configured action (for example, alerting or logging) according to the detection result. In Snort 2.x these modes correspond to invocations such as `snort -v` (sniffer; add `-d` to show payloads and `-e` to show link-layer headers), `snort -dev -l ./log` (packet logger, writing under ./log), and `snort -c snort.conf` (NIDS, loading the rules referenced by the configuration file).
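To make the three subsystems concrete, the following is an added, self-contained illustration of the pipeline the paragraph describes (decoder, detection engine, alerting). It is a toy model written for this page, not Snort's own code: `build_packet`, `decode`, `parse_rule`, `matches` and `run_ids` are hypothetical names, the rules and packets are constructed sample data, the rule grammar is a small subset of Snort's (action, protocol, addresses, ports, `msg`, `content` with `|hex|` sections, `sid`, `rev`), and the alert lines only approximate the shape of Snort's "fast" alert output.

```python
"""Toy model of Snort's pipeline (packet decoder -> detection engine -> logging/alerting).
Added illustration only, not Snort's own code. Rules use a small subset of Snort syntax:
  action proto src_ip src_port -> dst_ip dst_port (msg:"..."; content:"..."; sid:N; rev:N;)"""
import ipaddress
import re
import socket
import struct
from collections import namedtuple

Packet = namedtuple("Packet", "proto src_ip src_port dst_ip dst_port payload")
Rule = namedtuple("Rule", "action proto src_ip src_port dst_ip dst_port msg contents sid rev")
PROTO_NUM = {"tcp": 6, "udp": 17}
NUM_PROTO = {v: k for k, v in PROTO_NUM.items()}
RULE_RE = re.compile(r"^(alert|pass)\s+(tcp|udp|ip)\s+(\S+)\s+(\S+)\s*->\s*(\S+)\s+(\S+)\s*\((.*)\)\s*$")
OPT_RE = re.compile(r'(\w+)\s*:\s*("(?:[^"\\]|\\.)*"|[^;]*)\s*;')

def build_packet(proto, src_ip, src_port, dst_ip, dst_port, payload):
    """Constructed test input: raw IPv4 + TCP/UDP bytes, no link layer, checksums left zero."""
    if proto == "tcp":  # 20-byte TCP header: data offset 5, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 0xFFFF, 0, 0)
    else:               # 8-byte UDP header
        l4 = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64,
                     PROTO_NUM[proto], 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + l4 + payload

def decode(raw):
    """Packet decoder: walk IPv4 header -> transport header -> payload, checking every length."""
    if len(raw) < 20 or raw[0] >> 4 != 4 or raw[9] not in NUM_PROTO:
        raise ValueError("expected an IPv4 TCP/UDP packet")
    ver_ihl, _, total, _, _, _, pnum, _, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    proto, l4 = NUM_PROTO[pnum], raw[(ver_ihl & 0x0F) * 4:total]
    if len(l4) < (20 if proto == "tcp" else 8):
        raise ValueError("truncated transport header")
    hlen = (l4[12] >> 4) * 4 if proto == "tcp" else 8  # TCP data offset is in 32-bit words
    sport, dport = struct.unpack("!HH", l4[:4])
    return Packet(proto, socket.inet_ntoa(src), sport, socket.inet_ntoa(dst), dport, l4[hlen:])

def content_bytes(s):  # Snort content syntax: literal text with |hex| sections, e.g. "GET |2F|etc"
    return b"".join(bytes.fromhex(p) if i % 2 else p.encode() for i, p in enumerate(s.split("|")))

def parse_rule(text):
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("unsupported rule: " + text)
    action, proto, sip, sport, dip, dport, body = m.groups()
    opts = [(k, v.strip().strip('"')) for k, v in OPT_RE.findall(body)]
    kv = dict(opts)  # flow, nocase, pcre, ... are parsed but ignored in this toy
    contents = [content_bytes(v) for k, v in opts if k == "content"]
    return Rule(action, proto, sip, sport, dip, dport, kv.get("msg", ""), contents,
                int(kv.get("sid", 0)), int(kv.get("rev", 1)))

def ip_ok(spec, ip):  # "any", an address or a CIDR; a leading "!" negates, as in Snort
    body = spec.lstrip("!")
    hit = body == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(body, strict=False)
    return hit != spec.startswith("!")

def port_ok(spec, port):  # forms: any, 80, 1:1024, :1024, 1024:, optionally "!"-negated
    lo, sep, hi = spec.lstrip("!").partition(":")
    hit = lo == "any" or (int(lo or 0) <= port <= int(hi or 65535) if sep else port == int(lo))
    return hit != spec.startswith("!")

def matches(rule, pkt):
    """Detection engine: cheap header checks first, then payload content matching."""
    return (rule.proto in ("ip", pkt.proto)
            and ip_ok(rule.src_ip, pkt.src_ip) and port_ok(rule.src_port, pkt.src_port)
            and ip_ok(rule.dst_ip, pkt.dst_ip) and port_ok(rule.dst_port, pkt.dst_port)
            and all(c in pkt.payload for c in rule.contents))

def run_ids(rule_texts, raw_packets):
    """NIDS mode: decode, evaluate pass rules before alert rules (Snort's default order),
    and emit alert lines shaped like Snort's "fast" alert output."""
    rules = sorted((parse_rule(r) for r in rule_texts), key=lambda r: r.action != "pass")
    alerts = []
    for raw in raw_packets:
        pkt = decode(raw)
        for rule in (r for r in rules if matches(r, pkt)):
            if rule.action == "pass":
                break  # a matching pass rule silences the packet
            alerts.append(f"[**] [1:{rule.sid}:{rule.rev}] {rule.msg} [**] {{{pkt.proto.upper()}}} "
                          f"{pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}")
    return alerts

# Constructed sample rules and traffic (not from the manual).
RULES = [
    'alert tcp any any -> 192.168.1.0/24 80 (msg:"WEB-MISC /etc/passwd access"; content:"/etc/passwd"; sid:1000001; rev:2;)',
    'alert tcp any any -> any 80 (msg:"HTTP GET"; content:"|47 45 54 20|"; sid:1000002;)',
    'alert udp any any -> any 53 (msg:"DNS query"; sid:1000003;)',
    'pass udp 10.0.0.0/8 any -> any 53 (msg:"trusted resolver"; sid:1000004;)',
]
TRAFFIC = [
    build_packet("tcp", "10.0.0.5", 40000, "192.168.1.10", 80, b"GET /etc/passwd HTTP/1.1\r\n"),
    build_packet("tcp", "10.0.0.5", 40001, "192.168.1.10", 22, b"SSH-2.0-OpenSSH\r\n"),
    build_packet("udp", "10.0.0.5", 5353, "192.168.1.1", 53, b"\x12\x34\x01\x00"),
    build_packet("udp", "172.16.0.9", 5353, "192.168.1.1", 53, b"\x12\x34\x01\x00"),
]
```

Running `run_ids(RULES, TRAFFIC)` produces three alerts: the HTTP request to port 80 fires both the `/etc/passwd` rule and the `GET` rule, the SSH packet matches nothing, the DNS query from 10.0.0.5 is silenced by the `pass` rule, and the DNS query from 172.16.0.9 fires the generic DNS rule. The point of the toy is the order of work in the real engine: the decoder validates lengths before anything else, header checks are cheap and run before payload content searches, and `pass` rules are evaluated before `alert` rules so that whitelisted traffic never reaches the alerting stage.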