Term
|
Definition
One of Snort's three primary modes: packet logger mode. The -l flag specifies the directory that logged packets are written to. |
|
|
Term
|
Definition
Sniffer mode: prints the TCP/IP packet headers to the screen (no payload data in this instance). Adding -d is more verbose and shows the packet data; adding -e is more verbose still and shows the data link layer headers as well. |
|
|
Term
snort -c c:\snort\etc\snort.conf |
|
Definition
IDS mode: specifies which configuration file to use. This option is handy when you want to test several configuration files. |
|
|
Term
|
Definition
Sends alerts to a syslog server. |
|
|
Term
|
Definition
Runs Snort quietly. If you aren't interested in the banner and initialization information, you can suppress them with this option. |
|
|
Term
|
Definition
Selects the alert output mode (alert-mode): fast, full, none or unsock. |
|
|
Term
|
Definition
Displays the application layer (payload) data in verbose (see the -v option) or packet logger mode; often added in sniffer mode for more detail. |
|
|
Term
|
Definition
Even more verbose: displays or logs the data link layer (layer 2) packet headers as well; often added in sniffer mode for more detail. |
|
|
Term
|
Definition
Logs packets in binary tcpdump format. Because binary logs are much smaller than ASCII decodes, logging is very fast, which makes this an excellent option on high-traffic networks. |
|
|
Term
|
Definition
Prints the payload data as characters only, instead of the default hexadecimal dump. |
|
|
Term
|
Definition
Sets the "home network" to a specific address range in CIDR notation (for example 192.168.100.0/24). This option is equivalent to setting the HOME_NET variable in the snort.conf configuration file. With it set, all packet logging is done relative to the home network address space. |
|
|
Term
|
Definition
Sets the filename of the binary log file. By default the name is snort.log followed by a timestamp of when the file was created. |
|
|
Term
|
Definition
Runs Snort and shows the IP and TCP/UDP/ICMP headers *plus* the application data in transit. |
|
|
Term
snort -vde OR snort -v -d -e |
|
Definition
Displays the headers and packet data as well as the layer 2 (data link) header information. |
|
|
Term
|
Definition
Records packets to disk: specifying a logging directory tells Snort to enter packet logger mode automatically. |
|
|
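The cards above describe the flags one at a time; the script below is an added example (not part of the original card set or of the Snort project) that assembles Snort 2.x command lines for all three modes from those same flags (-v -d -e -C, -l -b -h, -c -A -q -s) and applies the checks a practitioner wants before launching: the log directory must exist and be writable, the configuration file must be readable, and the -A value must be one of the four alert modes listed on this page. The directory, config path and HOME_NET are placeholders supplied by the caller; the script only prints the commands unless SNORT_RUN=1 and snort is on PATH.

```shell
#!/bin/sh
# Added example: build and sanity-check Snort 2.x command lines for the
# three primary modes. Assumes Snort 2.x flag syntax; all paths and the
# HOME_NET value are caller-supplied placeholders.

# Sniffer mode: -v prints headers, -d adds payload, -e adds link-layer
# headers. Pass "chars" as $1 to print the payload as characters only (-C).
snort_sniff_cmd() {
    if [ "${1:-}" = "chars" ]; then
        printf 'snort -v -d -e -C'
    else
        printf 'snort -v -d -e'
    fi
}

# Packet logger mode: -l selects the log directory (which puts Snort in
# logger mode), -b writes binary tcpdump-format logs, -h sets HOME_NET so
# logging is relative to it. Refuse to build a command for a directory
# that is missing or not writable; that is the usual cause of a logging
# run that silently captures nothing.
snort_log_cmd() {
    dir="$1"; home_net="$2"
    [ -d "$dir" ] && [ -w "$dir" ] || { echo "log dir not writable: $dir" >&2; return 1; }
    printf 'snort -l %s -b -h %s' "$dir" "$home_net"
}

# IDS mode: -c selects the config, -A the alert mode, -q suppresses the
# banner, -s additionally sends alerts to syslog. Only the four alert
# modes named on this page are accepted.
snort_ids_cmd() {
    conf="$1"; dir="$2"; mode="$3"
    [ -r "$conf" ] || { echo "config not readable: $conf" >&2; return 1; }
    case "$mode" in
        fast|full|none|unsock) ;;
        *) echo "invalid alert mode: $mode (fast|full|none|unsock)" >&2; return 1 ;;
    esac
    printf 'snort -q -c %s -l %s -A %s -s' "$conf" "$dir" "$mode"
}

# Demo with constructed placeholders (temporary directory, empty config).
# Snort is only executed when SNORT_RUN=1 and the binary is on PATH, so
# the script is safe to run offline: by default it just prints the commands.
demo() {
    tmp=$(mktemp -d)
    : > "$tmp/snort.conf"   # constructed placeholder config, not a real ruleset
    for c in "$(snort_sniff_cmd)" \
             "$(snort_log_cmd "$tmp" 192.168.100.0/24)" \
             "$(snort_ids_cmd "$tmp/snort.conf" "$tmp" fast)"; do
        echo "$c"
        if [ "${SNORT_RUN:-0}" = 1 ] && command -v snort >/dev/null 2>&1; then
            $c
        fi
    done
    rm -rf "$tmp"
}

demo
```

The validation is deliberately done before Snort is invoked: an unwritable -l directory or a misspelled -A mode is cheaper to catch in the wrapper than to diagnose from an empty log directory or a Snort startup error on a busy sensor.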