(Snort User Manual

Chapter 1 Snort Introduction

Snort has three working modes: sniffer, packet recorder, and network intrusion detection system. Sniffer mode simply reads packets from the network and displays them on the terminal as a continuous stream. Packet recorder mode records packets to hard disk. Network intrusion detection mode is the most complex and configurable: Snort analyzes network traffic against rules defined by the user and takes certain actions according to the detection results.

Sniffer

In sniffer mode, Snort reads packets from the network and displays them on your console. Let's start with the most basic usage. If you just want to print TCP/IP information on the screen, type the following command:
Snort Chinese Manual.htm
.....)