<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<!--Converted with LaTeX2HTML 2002-2-1 (1.71) original version by: Nikos Drakos, CBLU, University of Leeds * revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan * with significant contributions from: Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<HTML>
<HEAD>
<TITLE>Snort(TM) Users Manual 2.3.3</TITLE>
<META NAME="description" CONTENT="Snort(TM) Users Manual 2.3.3">
<META NAME="keywords" CONTENT="snort_manual">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
<LINK REL="STYLESHEET" HREF="snort_manual.css">
<LINK REL="next" HREF="node1.html">
</HEAD>
<BODY>
<H1 ALIGN="CENTER">Snort<SUP><SMALL>TM</SMALL></SUP> Users Manual <BR> 2.3.3</H1>
<DIV>
<P ALIGN="CENTER"><STRONG>The Snort Project</STRONG></P>
</DIV>
<P>
Copyright ©1998-2003 Martin Roesch
<P>
Copyright ©2001-2003 Chris Green
<P>
Copyright ©2003-2005 Sourcefire, Inc.
<P>
<BR><HR>
<!--Table of Child-Links-->
<A NAME="CHILD_LINKS"></A>
<UL>
<LI><A NAME="tex2html67" HREF="node1.html">Contents</A>
<LI><A NAME="tex2html68" HREF="node2.html">1. Snort Overview</A>
<UL>
<LI><A NAME="tex2html69" HREF="node3.html">1.1 Getting Started</A>
<LI><A NAME="tex2html70" HREF="node4.html">1.2 Sniffer Mode</A>
<LI><A NAME="tex2html71" HREF="node5.html">1.3 Packet Logger Mode</A>
<LI><A NAME="tex2html72" HREF="node6.html">1.4 Network Intrusion Detection Mode</A>
<LI><A NAME="tex2html73" HREF="node7.html">1.5 Inline Mode</A>
<LI><A NAME="tex2html74" HREF="node8.html">1.6 Miscellaneous</A>
<LI><A NAME="tex2html75" HREF="node9.html">1.7 More Information</A>
</UL>
<BR>
<LI><A NAME="tex2html76" HREF="node10.html">2. Configuring Snort</A>
<UL>
<LI><A NAME="tex2html77" HREF="node11.html">2.1 Preprocessors</A>
<LI><A NAME="tex2html78" HREF="node12.html">2.2 Event Thresholding</A>
<LI><A NAME="tex2html79" HREF="node13.html">2.3 Event Suppression</A>
<LI><A NAME="tex2html80" HREF="node14.html">2.4 Snort Multi-Event Logging (Event Queue)</A>
<LI><A NAME="tex2html81" HREF="node15.html">2.5 Output Modules</A>
</UL>
<BR>
<LI><A NAME="tex2html82" HREF="node16.html">3. Writing Snort Rules <BR> How to Write Snort Rules and Keep Your Sanity</A>
<UL>
<LI><A NAME="tex2html83" HREF="node17.html">3.1 The Basics</A>
<LI><A NAME="tex2html84" HREF="node18.html">3.2 Rules Headers</A>
<LI><A NAME="tex2html85" HREF="node19.html">3.3 Rule Options</A>
<LI><A NAME="tex2html86" HREF="node20.html">3.4 Meta-Data Rule Options</A>
<LI><A NAME="tex2html87" HREF="node21.html">3.5 Payload Detection Rule Options</A>
<LI><A NAME="tex2html88" HREF="node22.html">3.6 Non-payload Detection Rule Options</A>
<LI><A NAME="tex2html89" HREF="node23.html">3.7 Post-Detection Rule Options</A>
<LI><A NAME="tex2html90" HREF="node24.html">3.8 Writing Good Rules</A>
</UL>
<BR>
<LI><A NAME="tex2html91" HREF="node25.html">4. Making Snort Faster</A>
<UL>
<LI><A NAME="tex2html92" HREF="node26.html">4.1 MMAPed pcap</A>
</UL>
<BR>
<LI><A NAME="tex2html93" HREF="node27.html">5. Snort Development</A>
<UL>
<LI><A NAME="tex2html94" HREF="node28.html">5.1 Submitting Patches</A>
<LI><A NAME="tex2html95" HREF="node29.html">5.2 Snort dataflow</A>
<LI><A NAME="tex2html96" HREF="node30.html">5.3 The Snort Team</A>
</UL>
<BR>
<LI><A NAME="tex2html97" HREF="node31.html">Bibliography</A>
</UL>
<!--End of Table of Child-Links-->
<BR><HR>
</BODY>
</HTML>