Chapter 8

Using SNORT

Abstract

We show how to set up and use SNORT as a way of testing network intrusions. We demonstrate how to use the tool to sync signatures and apply it to security zones. Last, we demonstrate how to use visual tools like Snorby to facilitate practical use of the tool.

Keywords

SNORT
Snorby
intrusion detection

SNORT, developed in 1998 and now maintained by Cisco, is an industry-leading Intrusion Detection System/Intrusion Prevention System (IDS/IPS). The tool inspects traffic in real time and triggers a response when traffic matches defined patterns (SNORT rules). SNORT is built on libpcap, an open source library for capturing packets. Using protocol analysis and content inspection, SNORT can detect different types of attacks in the network ...
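As an added illustration of the rule-driven matching described above (this is not code from the chapter, nor Snort's own code), the following Python script parses two rules written in Snort's header/options syntax and applies them to a handful of constructed packets. The `$HOME_NET`/`$EXTERNAL_NET` values, the rules and all packets are constructed for the example; real Snort supports many more rule options (nocase, pcre, flow, itype, ...) and reads live or captured traffic through libpcap, which this toy engine does not do.

```python
"""Minimal Snort-style rule matcher (added illustration, not Snort itself).

Parses rules in Snort's 'action proto src sport -> dst dport (options;)'
syntax and applies them to constructed packets to show how header matching
followed by content inspection produces alerts.
Supported subset: addresses (any / CIDR / $VAR / '!' negation), ports
(any / number / low:high / '!' negation) and the msg, content, sid options."""
import ipaddress
import re
from dataclasses import dataclass, field

# Assumed network variables; a real deployment sets these in snort.conf.
VARS = {"$HOME_NET": "192.168.1.0/24", "$EXTERNAL_NET": "!192.168.1.0/24"}


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str = ""
    sid: int = 0
    contents: list = field(default_factory=list)


HEADER_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s*->\s*(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$"
)


def parse_rule(text):
    """Parse one rule line into a Rule; raises ValueError on unknown syntax."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("unparsable rule: " + text)
    rule = Rule(*(m.group(g) for g in ("action", "proto", "src", "sport", "dst", "dport")))
    for opt in m.group("opts").split(";"):
        key, _, val = opt.strip().partition(":")
        val = val.strip().strip('"')
        if key == "msg":
            rule.msg = val
        elif key == "sid":
            rule.sid = int(val)
        elif key == "content":
            rule.contents.append(val.encode())  # exact, case-sensitive byte match
        # other options (rev, classtype, nocase, ...) are ignored in this subset
    return rule


def addr_matches(pattern, addr):
    """'any', a CIDR, a $VAR from VARS, or any of those prefixed with '!'."""
    if pattern.startswith("!"):
        return not addr_matches(pattern[1:], addr)
    if pattern in VARS:
        return addr_matches(VARS[pattern], addr)
    if pattern == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)


def port_matches(pattern, port):
    """'any', a single port, an open or closed 'low:high' range, or '!' negation."""
    if pattern.startswith("!"):
        return not port_matches(pattern[1:], port)
    if pattern == "any":
        return True
    if ":" in pattern:
        low, _, high = pattern.partition(":")
        return int(low or 0) <= port <= int(high or 65535)
    return int(pattern) == port


def rule_matches(rule, pkt):
    """All header fields must match, then every content: string must occur in the payload."""
    return (
        rule.proto in ("ip", pkt.proto)
        and addr_matches(rule.src, pkt.src) and port_matches(rule.sport, pkt.sport)
        and addr_matches(rule.dst, pkt.dst) and port_matches(rule.dport, pkt.dport)
        and all(c in pkt.payload for c in rule.contents)
    )


def inspect(rules, packets):
    """Return (sid, msg) for every alert rule that fires, in packet order."""
    return [(r.sid, r.msg) for p in packets for r in rules
            if r.action == "alert" and rule_matches(r, p)]


# Constructed rules, written the way they would appear in a Snort rules file.
RULES = [parse_rule(line) for line in [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-MISC /etc/passwd access"; content:"/etc/passwd"; sid:1000001; rev:1;)',
    'alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP from outside to home net"; sid:1000002; rev:1;)',
]]

# Constructed traffic: an inbound web request referencing /etc/passwd, a benign
# request, an inbound ICMP packet, and an outbound reply that carries the same
# string but flows the wrong way for rule 1000001.
PACKETS = [
    Packet("tcp", "203.0.113.5", 40000, "192.168.1.10", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("tcp", "203.0.113.5", 40001, "192.168.1.10", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("icmp", "203.0.113.9", 0, "192.168.1.10", 0),
    Packet("tcp", "192.168.1.10", 80, "203.0.113.5", 40000, b"/etc/passwd"),
]

if __name__ == "__main__":
    for sid, msg in inspect(RULES, PACKETS):
        print(f"[**] [1:{sid}] {msg}")
```

Running the script prints one alert for the first packet and one for the ICMP packet; the benign request has no matching content, and the outbound packet fails the `$EXTERNAL_NET` source check even though its payload contains the signature string, which is why direction and network variables matter as much as the content pattern when tuning rules.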
