Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!
Old 12-15-2011, 08:24 PM   #1
LQ Newbie
Registered: Dec 2011
Posts: 1

Rep: Reputation: Disabled
Snort Analysis

Hi, I'm new to this, so any help would be appreciated. I'm trying to find out what is the easiest way to read a snort analysis?
Old 12-16-2011, 04:57 PM   #2
LQ Newbie
Registered: Mar 2011
Posts: 28

Rep: Reputation: 1
I'm not 100% on snort, but you may try one of these screencasts or try checking with #snort on freenode, since that's a topic I don't think a lot of people on LQ are going to know the answer to.
Old 12-16-2011, 08:28 PM   #3
Registered: May 2001
Posts: 29,393
Blog Entries: 55

Rep: Reputation: 3565
Originally Posted by jaz7324
I'm trying to find out what is the easiest way to read a snort analysis?
Two problems with your post. One, you haven't given any details about what data you have, and two, there's the phrase "the easiest way". While most frameworks or applications with a point-and-click interface may lead you to believe otherwise, simply put there is no way you will be able to perform -=any=- analysis without first having to gain knowledge. To understand what Snort logs, you need to understand what triggers those rules. In some cases it may be strings that point one-on-one to a known attack on a service (SQL injection) or application (AWStats exploit); in other cases it may be something issued by Snort itself (ICMP: traceroute); and in other cases it may be packets that were mangled in flight. So you will need a basic understanding of how IP suite protocols work and how systems may respond (or not): see The TCP/IP Guide for starters. As for tools, there's a lot that can be viewed by running packet captures through Wireshark and looking at payloads(*).
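The reply above points out that a Snort alert only makes sense once you know which rule fired and why. Before you can do that, you have to read the alerts at all, and the plainest form Snort writes is its "alert_fast" output: one line per alert carrying the timestamp, the rule's generator/signature/revision ids, the rule message, an optional classification, a priority, the protocol and the endpoints. The script below is an added example, not code from the thread or from the Snort project: it parses that format into records, skips lines that are not alerts, and summarises the result by signature, source address and priority, which is usually the first pass a defender makes before opening the packet capture in Wireshark. The sample alert lines are constructed for this example (the signature ids 1000001 to 1000004 are in the local-rule range and are made up; the addresses are documentation ranges), and the handling of the optional Classification field and of ICMP alerts without ports is based on how alert_fast lines are laid out.

```python
import re
from collections import Counter

# Snort alert_fast layout, one alert per line:
#   MM/DD-HH:MM:SS.ffffff  [**] [gid:sid:rev] message [**] [Classification: text] [Priority: n] {PROTO} src[:port] -> dst[:port]
# The Classification bracket is only present when the rule has a classtype;
# ICMP alerts carry no port numbers.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Z]+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample alerts (made-up local sids, documentation IP ranges).
# Line 5 is deliberately not an alert to show that junk is skipped, and the
# last alert has no Classification field.
SAMPLE_ALERTS = """\
12/15-20:24:01.123456  [**] [1:1000001:1] LOCAL WEB SQL injection attempt in URI [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51234 -> 192.0.2.10:80
12/15-20:24:03.001122  [**] [1:1000001:1] LOCAL WEB SQL injection attempt in URI [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51240 -> 192.0.2.10:80
12/15-20:25:10.445566  [**] [1:1000002:2] LOCAL ICMP traceroute [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 198.51.100.4 -> 192.0.2.10
12/15-20:26:30.000001  [**] [1:1000003:1] LOCAL WEB AWStats configdir command execution attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51301 -> 192.0.2.10:80
this line is not an alert and is skipped
12/15-20:27:00.777777  [**] [1:1000004:1] LOCAL DECODE truncated TCP options [**] [Priority: 3] {TCP} 192.0.2.44:4444 -> 192.0.2.10:22
"""


def parse_alert_line(line):
    """Return a dict for one alert_fast line, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    # Normalise numeric fields; ports stay None when absent (ICMP).
    for key in ("gid", "sid", "rev", "prio"):
        d[key] = int(d[key])
    for key in ("sport", "dport"):
        d[key] = int(d[key]) if d[key] is not None else None
    return d


def parse_alerts(text):
    """Parse a whole alert_fast file. Returns (alerts, number_of_skipped_lines)."""
    alerts, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_alert_line(line)
        if rec is None:
            skipped += 1
        else:
            alerts.append(rec)
    return alerts, skipped


def summarize(alerts):
    """Aggregate alerts by signature, by source address and by priority."""
    return {
        "by_signature": Counter((a["gid"], a["sid"], a["msg"]) for a in alerts),
        "by_source": Counter(a["src"] for a in alerts),
        "by_priority": Counter(a["prio"] for a in alerts),
    }


def render_report(summary):
    """Render the summary as plain text, highest-count signatures first."""
    lines = ["Alerts by signature:"]
    for (gid, sid, msg), n in summary["by_signature"].most_common():
        lines.append(f"  {n:4d}  [{gid}:{sid}] {msg}")
    lines.append("Alerts by source address:")
    for src, n in summary["by_source"].most_common():
        lines.append(f"  {n:4d}  {src}")
    lines.append("Alerts by priority (1 = highest):")
    for prio, n in sorted(summary["by_priority"].items()):
        lines.append(f"  {n:4d}  priority {prio}")
    return "\n".join(lines)


if __name__ == "__main__":
    alerts, skipped = parse_alerts(SAMPLE_ALERTS)
    print(render_report(summarize(alerts)))
    print(f"({skipped} non-alert line(s) skipped)")
```

Run it against a real file with `parse_alerts(open("/var/log/snort/alert").read())`; the per-signature counts tell you which rules to read first, and the per-source counts separate one noisy scanner from a genuinely spread-out event. The summary is only the starting point the reply describes: the signature ids still have to be looked up in the rule set to see what string or decoder condition actually matched.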

All times are GMT -5.