(? Snort has three working modes: sniffer, packet recorder and network intrusion detection system. Sniffer mode simply reads packets from the network and displays them on the terminal as a continuous stream. The packet recorder mode records packets to the hard disk. The network intrusion detection mode is the most complex and configurable. We can let snort analyze the network data flow to match some user-defined rules, and take certain actions according to the detection results.? The most important use of Snort is as a network intrusion detection system (NIDS). Introduction snort is not a complicated and difficult software. Snort can operate in three modes: sniffermode: in this mode, Snort will retrieve packets in the existing domain and display them on the screen. Packetloggermode: in this mode, Snort stores the captured packets into storage media (such as hard disk). Inlinemode: in this mode, Snort can analyze the captured packets and judge whether there are network attacks according to certain rules.)
收藏
