
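<!doctype html>
<!-- Converted with LaTeX2HTML 2002-2-1 (1.71)
original version by:  Nikos Drakos, CBLU, University of Leeds
* revised and updated by:  Marcus Hennecke, Ross Moore, Herb Swan
* with significant contributions from:
  Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<!-- Hand-cleaned after conversion: HTML5 doctype, lowercase markup, explicit
     list closing, landmarks for assistive technology, and the duplicated
     rel="next" link removed. Every anchor id and href is kept verbatim so
     fragment references from the other manual pages still resolve. All text
     is ASCII, so the declared iso-8859-1 charset is unchanged. -->
<html lang="en">
<head>
  <meta charset="iso-8859-1">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>Contents - Snort Users Manual 2.3.3</title>
  <meta name="description" content="Contents">
  <meta name="keywords" content="snort_manual">
  <meta name="resource-type" content="document">
  <meta name="distribution" content="global">
  <meta name="generator" content="LaTeX2HTML v2002-2-1">
  <link rel="stylesheet" href="snort_manual.css">
  <!-- One link per relation; the generator emitted rel="next" twice. -->
  <link rel="next" href="node2.html">
  <link rel="prev" href="snort_manual.html">
  <link rel="up" href="snort_manual.html">
</head>

<body>
  <!-- Navigation panel: icon row, then the same three targets as text links. -->
  <nav aria-label="Manual navigation">
    <p>
      <a id="tex2html106" href="node2.html"><img src="next.png" width="37" height="24" alt="next"></a>
      <a id="tex2html104" href="snort_manual.html"><img src="up.png" width="26" height="24" alt="up"></a>
      <a id="tex2html98" href="snort_manual.html"><img src="prev.png" width="63" height="24" alt="previous"></a>
    </p>
    <p>
      <b>Next:</b> <a id="tex2html107" href="node2.html">1. Snort Overview</a>
      <b>Up:</b> <a id="tex2html105" href="snort_manual.html">Snort<sup>TM</sup> Users Manual 2.3.3</a>
      <b>Previous:</b> <a id="tex2html99" href="snort_manual.html">Snort<sup>TM</sup> Users Manual 2.3.3</a>
    </p>
  </nav>
  <!-- End of navigation panel -->

  <main>
    <!-- The fragment id moves from an inner <a name> onto the heading itself. -->
    <h1 id="SECTION00100000000000000000">Contents</h1>

    <!-- Table of contents: nested lists, one <li> per section, sub-lists inside their parent item. -->
    <nav aria-label="Table of contents">
      <ul>
        <li><a id="tex2html108" href="node2.html">1. Snort Overview</a>
          <ul>
            <li><a id="tex2html109" href="node3.html">1.1 Getting Started</a></li>
            <li><a id="tex2html110" href="node4.html">1.2 Sniffer Mode</a></li>
            <li><a id="tex2html111" href="node5.html">1.3 Packet Logger Mode</a></li>
            <li><a id="tex2html112" href="node6.html">1.4 Network Intrusion Detection Mode</a>
              <ul>
                <li><a id="tex2html113" href="node6.html#SECTION00241000000000000000">1.4.1 NIDS Mode Output Options</a></li>
                <li><a id="tex2html114" href="node6.html#SECTION00242000000000000000">1.4.2 Understanding Standard Alert Output</a></li>
                <li><a id="tex2html115" href="node6.html#SECTION00243000000000000000">1.4.3 High Performance Configuration</a></li>
                <li><a id="tex2html116" href="node6.html#SECTION00244000000000000000">1.4.4 Changing Alert Order</a></li>
              </ul>
            </li>
            <li><a id="tex2html117" href="node7.html">1.5 Inline Mode</a>
              <ul>
                <li><a id="tex2html118" href="node7.html#SECTION00251000000000000000">1.5.1 Snort Inline Rule Application Order</a></li>
                <li><a id="tex2html119" href="node7.html#SECTION00252000000000000000">1.5.2 New STREAM4 Options for Use with Snort Inline</a></li>
                <li><a id="tex2html120" href="node7.html#SECTION00253000000000000000">1.5.3 Replacing Packets with Snort Inline</a></li>
                <li><a id="tex2html121" href="node7.html#SECTION00254000000000000000">1.5.4 Installing Snort Inline</a></li>
                <li><a id="tex2html122" href="node7.html#SECTION00255000000000000000">1.5.5 Running Snort Inline</a></li>
                <li><a id="tex2html123" href="node7.html#SECTION00256000000000000000">1.5.6 Using the Honeynet Snort Inline Toolkit</a></li>
                <li><a id="tex2html124" href="node7.html#SECTION00257000000000000000">1.5.7 Troubleshooting Snort Inline</a></li>
              </ul>
            </li>
            <li><a id="tex2html125" href="node8.html">1.6 Miscellaneous</a></li>
            <li><a id="tex2html126" href="node9.html">1.7 More Information</a></li>
          </ul>
        </li>
        <li><a id="tex2html127" href="node10.html">2. Configuring Snort</a>
          <ul>
            <li><a id="tex2html128" href="node10.html#SECTION00301000000000000000">2.0.1 Includes</a></li>
            <li><a id="tex2html129" href="node10.html#SECTION00302000000000000000">2.0.2 Variables</a></li>
            <li><a id="tex2html130" href="node10.html#SECTION00303000000000000000">2.0.3 Config</a></li>
            <li><a id="tex2html131" href="node11.html">2.1 Preprocessors</a>
              <ul>
                <li><a id="tex2html132" href="node11.html#SECTION00311000000000000000">2.1.1 Portscan Detector</a></li>
                <li><a id="tex2html133" href="node11.html#SECTION00312000000000000000">2.1.2 Portscan Ignorehosts</a></li>
                <li><a id="tex2html134" href="node11.html#SECTION00313000000000000000">2.1.3 sfPortscan</a></li>
                <li><a id="tex2html135" href="node11.html#SECTION00314000000000000000">2.1.4 Frag2</a></li>
                <li><a id="tex2html136" href="node11.html#SECTION00315000000000000000">2.1.5 Stream4</a></li>
                <li><a id="tex2html137" href="node11.html#SECTION00316000000000000000">2.1.6 Flow</a></li>
                <li><a id="tex2html138" href="node11.html#SECTION00317000000000000000">2.1.7 Flow-Portscan</a></li>
                <li><a id="tex2html139" href="node11.html#SECTION00318000000000000000">2.1.8 Telnet Decode</a></li>
                <li><a id="tex2html140" href="node11.html#SECTION00319000000000000000">2.1.9 RPC Decode</a></li>
                <li><a id="tex2html141" href="node11.html#SECTION003110000000000000000">2.1.10 Performance Monitor</a></li>
                <li><a id="tex2html142" href="node11.html#SECTION003111000000000000000">2.1.11 HTTP Inspect</a></li>
                <li><a id="tex2html143" href="node11.html#SECTION003112000000000000000">2.1.12 ASN.1 Detection</a></li>
                <li><a id="tex2html144" href="node11.html#SECTION003113000000000000000">2.1.13 X-Link2State Mini-Preprocessor</a></li>
              </ul>
            </li>
            <li><a id="tex2html145" href="node12.html">2.2 Event Thresholding</a>
              <ul>
                <li><a id="tex2html146" href="node12.html#SECTION00321000000000000000">2.2.1 Standalone Options</a></li>
                <li><a id="tex2html147" href="node12.html#SECTION00322000000000000000">2.2.2 Standalone Format</a></li>
                <!-- 2.2.3 and 2.2.4 carry the same title in the converted source; kept as generated. -->
                <li><a id="tex2html148" href="node12.html#SECTION00323000000000000000">2.2.3 Rule Keyword Format</a></li>
                <li><a id="tex2html149" href="node12.html#SECTION00324000000000000000">2.2.4 Rule Keyword Format</a></li>
                <li><a id="tex2html150" href="node12.html#SECTION00325000000000000000">2.2.5 Examples</a></li>
              </ul>
            </li>
            <li><a id="tex2html151" href="node13.html">2.3 Event Suppression</a>
              <ul>
                <li><a id="tex2html152" href="node13.html#SECTION00331000000000000000">2.3.1 Format</a></li>
                <li><a id="tex2html153" href="node13.html#SECTION00332000000000000000">2.3.2 Examples</a></li>
              </ul>
            </li>
            <li><a id="tex2html154" href="node14.html">2.4 Snort Multi-Event Logging (Event Queue)</a>
              <ul>
                <li><a id="tex2html155" href="node14.html#SECTION00341000000000000000">2.4.1 Event Queue Configuration Options</a></li>
                <li><a id="tex2html156" href="node14.html#SECTION00342000000000000000">2.4.2 Event Queue Configuration Examples</a></li>
              </ul>
            </li>
            <li><a id="tex2html157" href="node15.html">2.5 Output Modules</a>
              <ul>
                <li><a id="tex2html158" href="node15.html#SECTION00351000000000000000">2.5.1 alert_syslog</a></li>
                <li><a id="tex2html159" href="node15.html#SECTION00352000000000000000">2.5.2 alert_fast</a></li>
                <li><a id="tex2html160" href="node15.html#SECTION00353000000000000000">2.5.3 alert_full</a></li>
                <li><a id="tex2html161" href="node15.html#SECTION00354000000000000000">2.5.4 alert_unixsock</a></li>
                <li><a id="tex2html162" href="node15.html#SECTION00355000000000000000">2.5.5 log_tcpdump</a></li>
                <li><a id="tex2html163" href="node15.html#SECTION00356000000000000000">2.5.6 database</a></li>
                <li><a id="tex2html164" href="node15.html#SECTION00357000000000000000">2.5.7 csv</a></li>
                <li><a id="tex2html165" href="node15.html#SECTION00358000000000000000">2.5.8 unified</a></li>
                <li><a id="tex2html166" href="node15.html#SECTION00359000000000000000">2.5.9 log null</a></li>
              </ul>
            </li>
          </ul>
        </li>
        <li><a id="tex2html167" href="node16.html">3. Writing Snort Rules
            How to Write Snort Rules and Keep Your Sanity</a>
          <ul>
            <li><a id="tex2html168" href="node17.html">3.1 The Basics</a></li>
            <li><a id="tex2html169" href="node18.html">3.2 Rules Headers</a>
              <ul>
                <li><a id="tex2html170" href="node18.html#SECTION00421000000000000000">3.2.1 Rule Actions</a></li>
                <li><a id="tex2html171" href="node18.html#SECTION00422000000000000000">3.2.2 Protocols</a></li>
                <li><a id="tex2html172" href="node18.html#SECTION00423000000000000000">3.2.3 IP Addresses</a></li>
                <li><a id="tex2html173" href="node18.html#SECTION00424000000000000000">3.2.4 Port Numbers</a></li>
                <li><a id="tex2html174" href="node18.html#SECTION00425000000000000000">3.2.5 The Direction Operator</a></li>
                <li><a id="tex2html175" href="node18.html#SECTION00426000000000000000">3.2.6 Activate/Dynamic Rules</a></li>
              </ul>
            </li>
            <li><a id="tex2html176" href="node19.html">3.3 Rule Options</a></li>
            <li><a id="tex2html177" href="node20.html">3.4 Meta-Data Rule Options</a>
              <ul>
                <li><a id="tex2html178" href="node20.html#SECTION00441000000000000000">3.4.1 msg</a></li>
                <li><a id="tex2html179" href="node20.html#SECTION00442000000000000000">3.4.2 reference</a></li>
                <li><a id="tex2html180" href="node20.html#SECTION00443000000000000000">3.4.3 sid</a></li>
                <li><a id="tex2html181" href="node20.html#SECTION00444000000000000000">3.4.4 rev</a></li>
                <li><a id="tex2html182" href="node20.html#SECTION00445000000000000000">3.4.5 classtype</a></li>
                <li><a id="tex2html183" href="node20.html#SECTION00446000000000000000">3.4.6 Priority</a></li>
              </ul>
            </li>
            <li><a id="tex2html184" href="node21.html">3.5 Payload Detection Rule Options</a>
              <ul>
                <li><a id="tex2html185" href="node21.html#SECTION00451000000000000000">3.5.1 content</a></li>
                <li><a id="tex2html186" href="node21.html#SECTION00452000000000000000">3.5.2 nocase</a></li>
                <li><a id="tex2html187" href="node21.html#SECTION00453000000000000000">3.5.3 rawbytes</a></li>
                <li><a id="tex2html188" href="node21.html#SECTION00454000000000000000">3.5.4 depth</a></li>
                <li><a id="tex2html189" href="node21.html#SECTION00455000000000000000">3.5.5 offset</a></li>
                <li><a id="tex2html190" href="node21.html#SECTION00456000000000000000">3.5.6 distance</a></li>
                <li><a id="tex2html191" href="node21.html#SECTION00457000000000000000">3.5.7 within</a></li>
                <li><a id="tex2html192" href="node21.html#SECTION00458000000000000000">3.5.8 uricontent</a></li>
                <li><a id="tex2html193" href="node21.html#SECTION00459000000000000000">3.5.9 isdataat</a></li>
                <li><a id="tex2html194" href="node21.html#SECTION004510000000000000000">3.5.10 pcre</a></li>
                <li><a id="tex2html195" href="node21.html#SECTION004511000000000000000">3.5.11 byte_test</a></li>
                <li><a id="tex2html196" href="node21.html#SECTION004512000000000000000">3.5.12 byte_jump</a></li>
                <li><a id="tex2html197" href="node21.html#SECTION004513000000000000000">3.5.13 regex</a></li>
                <li><a id="tex2html198" href="node21.html#SECTION004514000000000000000">3.5.14 content-list</a></li>
              </ul>
            </li>
            <li><a id="tex2html199" href="node22.html">3.6 Non-payload Detection Rule Options</a>
              <ul>
                <li><a id="tex2html200" href="node22.html#SECTION00461000000000000000">3.6.1 fragoffset</a></li>
                <li><a id="tex2html201" href="node22.html#SECTION00462000000000000000">3.6.2 ttl</a></li>
                <li><a id="tex2html202" href="node22.html#SECTION00463000000000000000">3.6.3 tos</a></li>
                <li><a id="tex2html203" href="node22.html#SECTION00464000000000000000">3.6.4 id</a></li>
                <li><a id="tex2html204" href="node22.html#SECTION00465000000000000000">3.6.5 ipopts</a></li>
                <li><a id="tex2html205" href="node22.html#SECTION00466000000000000000">3.6.6 fragbits</a></li>
                <li><a id="tex2html206" href="node22.html#SECTION00467000000000000000">3.6.7 dsize</a></li>
                <li><a id="tex2html207" href="node22.html#SECTION00468000000000000000">3.6.8 flags</a></li>
                <li><a id="tex2html208" href="node22.html#SECTION00469000000000000000">3.6.9 flow</a></li>
                <li><a id="tex2html209" href="node22.html#SECTION004610000000000000000">3.6.10 flowbits</a></li>
                <li><a id="tex2html210" href="node22.html#SECTION004611000000000000000">3.6.11 seq</a></li>
                <li><a id="tex2html211" href="node22.html#SECTION004612000000000000000">3.6.12 ack</a></li>
                <li><a id="tex2html212" href="node22.html#SECTION004613000000000000000">3.6.13 window</a></li>
                <li><a id="tex2html213" href="node22.html#SECTION004614000000000000000">3.6.14 itype</a></li>
                <li><a id="tex2html214" href="node22.html#SECTION004615000000000000000">3.6.15 icode</a></li>
                <li><a id="tex2html215" href="node22.html#SECTION004616000000000000000">3.6.16 icmp_id</a></li>
                <li><a id="tex2html216" href="node22.html#SECTION004617000000000000000">3.6.17 icmp_seq</a></li>
                <li><a id="tex2html217" href="node22.html#SECTION004618000000000000000">3.6.18 rpc</a></li>
                <li><a id="tex2html218" href="node22.html#SECTION004619000000000000000">3.6.19 ip_proto</a></li>
                <li><a id="tex2html219" href="node22.html#SECTION004620000000000000000">3.6.20 sameip</a></li>
              </ul>
            </li>
            <li><a id="tex2html220" href="node23.html">3.7 Post-Detection Rule Options</a>
              <ul>
                <li><a id="tex2html221" href="node23.html#SECTION00471000000000000000">3.7.1 logto</a></li>
                <li><a id="tex2html222" href="node23.html#SECTION00472000000000000000">3.7.2 session</a></li>
                <li><a id="tex2html223" href="node23.html#SECTION00473000000000000000">3.7.3 resp</a></li>
                <li><a id="tex2html224" href="node23.html#SECTION00474000000000000000">3.7.4 React</a></li>
                <li><a id="tex2html225" href="node23.html#SECTION00475000000000000000">3.7.5 tag</a></li>
              </ul>
            </li>
            <li><a id="tex2html226" href="node24.html">3.8 Writing Good Rules</a>
              <ul>
                <li><a id="tex2html227" href="node24.html#SECTION00481000000000000000">3.8.1 Content Matching</a></li>
                <li><a id="tex2html228" href="node24.html#SECTION00482000000000000000">3.8.2 Catch the Vulnerability, Not the Exploit</a></li>
                <li><a id="tex2html229" href="node24.html#SECTION00483000000000000000">3.8.3 Catch the Oddities of the Protocol in the Rule</a></li>
                <li><a id="tex2html230" href="node24.html#SECTION00484000000000000000">3.8.4 Optimizing Rules</a></li>
                <li><a id="tex2html231" href="node24.html#SECTION00485000000000000000">3.8.5 testing numerical values</a></li>
              </ul>
            </li>
          </ul>
        </li>
        <li><a id="tex2html232" href="node25.html">4. Making Snort Faster</a>
          <ul>
            <li><a id="tex2html233" href="node26.html">4.1 MMAPed pcap</a></li>
          </ul>
        </li>
        <li><a id="tex2html234" href="node27.html">5. Snort Development</a>
          <ul>
            <li><a id="tex2html235" href="node28.html">5.1 Submitting Patches</a></li>
            <li><a id="tex2html236" href="node29.html">5.2 Snort dataflow</a>
              <ul>
                <li><a id="tex2html237" href="node29.html#SECTION00621000000000000000">5.2.1 Preprocessors</a></li>
                <li><a id="tex2html238" href="node29.html#SECTION00622000000000000000">5.2.2 Detection Plugins</a></li>
                <li><a id="tex2html239" href="node29.html#SECTION00623000000000000000">5.2.3 Output Plugins</a></li>
              </ul>
            </li>
            <li><a id="tex2html240" href="node30.html">5.3 The Snort Team</a></li>
          </ul>
        </li>
        <li><a id="tex2html241" href="node31.html">Bibliography</a></li>
      </ul>
    </nav>
    <!-- End of table of contents -->
  </main>
</body>
</html>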