Chapter 12. Writing TCPdump Filters
This is the first of three chapters that discusses writing filters or signatures to detect anomalous behavior. The authors have chosen to discuss these particular filters and signatures for a couple of reasons. The first is because these signatures are available with freeware and available to the masses—even the impoverished. The second reason is that there are so many IDS packages today, it is almost impossible to cover them and yet not be accused of bias or favoritism because of omissions. As a fair compromise, we have chosen this chapter to discuss TCPdump and the following two chapters to discuss Snort signatures. ...
Get Network Intrusion Detection, Third Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.