LinuxQuestions.org
Forum: Linux - Newbie
Old 12-15-2011, 08:24 PM   #1
jaz7324
LQ Newbie
Registered: Dec 2011
Posts: 1
Snort Analysis


Hi, I'm new to this, so any help would be appreciated. I'm trying to find out what is the easiest way to read a Snort analysis?
Old 12-16-2011, 04:57 PM   #2
joeldavis
LQ Newbie
Registered: Mar 2011
Posts: 28
I'm not 100% on Snort, but you may try one of these screencasts or check with #snort on freenode, since that's a topic I don't think a lot of people on LQ are going to know the answer to.
Old 12-16-2011, 08:28 PM   #3
unSpawn
Moderator
Registered: May 2001
Posts: 29,331
Blog Entries: 55
Quote (originally posted by jaz7324):
I'm trying to find out what is the easiest way to read a snort analysis?
Two problems with your post. One, you haven't given any details about what data you have, and two, there's the phrase "the easiest way". While most frameworks or applications with a point-and-click interface may lead you to believe otherwise, simply put, there is no way you will be able to perform -=any=- analysis without first having to gain knowledge. To understand what Snort logs, you need to understand what triggers those rules. In some cases it may be strings that point one-on-one to a known attack on a service (SQL injection) or application (AWStats exploit); in other cases it may be something issued by Snort itself (ICMP: traceroute); and in other cases it may be packets that were mangled in flight. So you will need a basic understanding of how IP suite protocols work and how systems may respond (or not): see The TCP/IP Guide for starters. As for tools, there's a lot that can be viewed by running packet captures through Wireshark and looking at payloads(*).
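As an added illustration of the point above (this is example code written for this thread, not Snort's own tooling and not something any poster supplied): the first step in reading Snort output is usually knowing what the alert lines say, which signature fired, at what priority, and from where. The script below parses lines in Snort 2.x's `alert_fast` format and summarises them by signature, priority and source. The alert lines embedded in it are constructed for the example; the SIDs (1000001 to 1000003) are in the local-rule range, the addresses are documentation ranges, and the rule messages are made up.

```python
"""Parse and summarise Snort 'alert_fast' lines (Snort 2.x format).

Added example for this thread; not code from Snort or from any poster.
The alert lines below are constructed: SIDs are in the local-rule range
and the IP addresses come from the documentation ranges.
"""
import re
from collections import Counter

# One alert_fast line has the shape:
#   <mm/dd-HH:MM:SS.usec> [**] [gid:sid:rev] <msg> [**] [Classification: <cls>] \
#       [Priority: <n>] {<proto>} <src>[:port] -> <dst>[:port]
# The Classification block is absent when the rule has no classtype, and the
# ports are absent for protocols such as ICMP, so both are optional here.
FAST_ALERT = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample input; the last line is noise to show that non-alert
# lines are skipped rather than crashing the parser.
SAMPLE_ALERTS = [
    "12/15-20:24:01.123456  [**] [1:1000001:2] LOCAL SQL injection attempt in HTTP URI [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51234 -> 192.168.1.10:80",
    "12/15-20:24:03.554321  [**] [1:1000001:2] LOCAL SQL injection attempt in HTTP URI [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51240 -> 192.168.1.10:80",
    "12/15-20:25:10.000001  [**] [1:1000002:1] LOCAL ICMP traceroute [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {ICMP} 198.51.100.9 -> 192.168.1.10",
    "12/15-20:26:42.777777  [**] [1:1000003:1] LOCAL malformed TCP flags [**] "
    "[Priority: 3] {TCP} 192.0.2.44:3333 -> 192.168.1.20:22",
    "this line is not an alert",
]


def parse_alert(line):
    """Return a dict for one alert_fast line, or None if the line does not match."""
    m = FAST_ALERT.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": d["ts"],
        "sig": f'{d["gid"]}:{d["sid"]}:{d["rev"]}',   # generator:sid:revision
        "msg": d["msg"],
        "classification": d["cls"],                 # None when the rule has no classtype
        "priority": int(d["prio"]),                 # 1 is the most severe
        "proto": d["proto"].upper(),
        "src": d["src"],
        "sport": int(d["sport"]) if d["sport"] else None,
        "dst": d["dst"],
        "dport": int(d["dport"]) if d["dport"] else None,
    }


def parse_alerts(lines):
    """Parse an iterable of lines, silently dropping anything that is not an alert."""
    return [a for a in (parse_alert(ln) for ln in lines) if a is not None]


def summarize(alerts):
    """Aggregate alerts so the analyst can see what fired, how bad, and from where."""
    return {
        "total": len(alerts),
        "by_signature": Counter((a["sig"], a["msg"]) for a in alerts),
        "by_priority": Counter(a["priority"] for a in alerts),
        "by_source": Counter(a["src"] for a in alerts),
        "by_service": Counter((a["proto"], a["dport"]) for a in alerts),
    }


def report(summary):
    """Render the summary as plain text, most frequent signatures first."""
    lines = [f"{summary['total']} alerts"]
    for (sig, msg), n in summary["by_signature"].most_common():
        lines.append(f"  {n:4d}  [{sig}] {msg}")
    lines.append("by priority: " + ", ".join(
        f"P{p}={n}" for p, n in sorted(summary["by_priority"].items())))
    lines.append("top sources: " + ", ".join(
        f"{ip} ({n})" for ip, n in summary["by_source"].most_common(3)))
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    # Read a real alert file if one is given, otherwise use the constructed sample.
    src = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_ALERTS
    print(report(summarize(parse_alerts(src))))
```

Run it with no arguments to see the constructed sample summarised, or pass the path of an `alert` file written by Snort's fast output plugin. The grouping by signature and priority is the part that answers "what am I looking at": a signature that fires many times from one source is a different conversation than a single priority-3 alert about odd TCP flags, which is exactly the distinction unSpawn's answer says you need the protocol background to make.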