Table of Content
 

 

Installation and Optimization

  •  Introduction    
  •  Installing Snort from Source 
  •  Installing Snort 
  •  Upgrading Snort 
  •   Monitoring Multiple Network Interfaces
  •   Invisibly Tapping a Hub
  •   Invisibly Sniffing Between Two Network Points
  •   Invisibly Sniffing  MB Ethernet
  •   Sniffing Gigabit Ethernet
  •   Tapping a Wireless Network
  •   Positioning Your IDS Sensors
  •   Capturing and Viewing Packets
  •   Logging Packets That Snort Captures
  •   Running Snort to Detect Intrusions
  •   Reading a Saved Capture File
  •   Running Snort as a Linux Daemon
  •   Running Snort as a Windows Service
  •   Capturing Without Putting the Interface into Promiscuous Mode
  •   Reloading Snort Settings
  •   Debugging Snort Rules
  •   Building a Distributed IDS 
  •  Logging, Alerts, and Output Plug-ins
  •   Introduction
  •   Logging to a File Quickly
  •   Logging Only Alerts
  •   Logging to a CSV File
  •   Logging to a Specific File
  •   Logging to Multiple Locations
  •   Logging in Binary
  •   Viewing Traffic While Logging
  •   Logging Application Data
  •   Logging to the Windows Event Viewer
  •   Logging Alerts to a Database
  •   Installing and Configuring MySQL
  •   Configuring MySQL for Snort
  •   Using PostgreSQL with Snort and ACID
  •   Logging in PCAP Format (TCPDump)
  •   Logging to Email
  •   Logging to a Pager or Cell Phone
  •   Optimizing Logging
  •   Reading Unified Logged Data
  •   Generating Real-Time Alerts
  •   Ignoring Some Alerts
  •   Logging to System Logfiles
  •   Fast Logging
  •   Logging to a Unix Socket
  •   Not Logging
  •   Prioritizing Alerts
  •   Capturing Traffic from a Specific TCP Session
  •   Killing a Specific Session

Rules and Signatures

  •   Introduction
  •   How to Build Rules
  •   Keeping the Rules Up to Date
  •   Basic Rules You Shouldn't Leave Home Without
  •   Dynamic Rules
  •   Detecting Binary Content
  •   Detecting Malware
  •   Detecting Viruses
  •   Detecting IM
  •   Detecting PP
  •   Detecting IDS Evasion
  •   Countermeasures from Rules
  •   Testing Rules
  •   Optimizing Rules
  •   Blocking Attacks in Real Time
  •   Suppressing Rules
  •   Thresholding Alerts
  •   Excluding from Logging
  •   Carrying Out Statistical Analysis
  •  Preprocessing: An Introduction
  •   Introduction
  •   Detecting Stateless Attacks and Stream Reassembly
  •   Detecting Fragmentation Attacks and Fragment Reassembly with Frag
  •   Detecting and Normalizing HTTP Traffic
  •   Decoding Application Traffic
  •   Detecting Port Scans and Talkative Hosts
  •   Getting Performance Metrics
  •   Experimental Preprocessors
  •   Writing Your Own Preprocessor
  •  Administrative Tools
  •   Introduction
  •   Managing Snort Sensors
  •   Installing and Configuring IDScenter
  •   Installing and Configuring SnortCenter
  •   Installing and Configuring Snortsnarf
  •   Running Snortsnarf Automatically
  •   Installing and Configuring ACID
  •   Securing ACID
  •   Installing and Configuring Swatch
  •   Installing and Configuring Barnyard
  •   Administering Snort with IDS Policy Manager
  •   Integrating Snort with Webmin
  •   Administering Snort with HenWen
  •   Newbies Playing with Snort Using EagleX

Log Analysis

  •   Introduction
  •   Generating Statistical Output from Snort Logs
  •   Generating Statistical Output from Snort Databases
  •   Performing Real-Time Data Analysis
  •   Generating Text-Based Log Analysis
  •   Creating HTML Log Analysis Output
  •   Tools for Testing Signatures
  •   Analyzing and Graphing Logs
  •   Analyzing Sniffed (Pcap) Traffic
  •   Writing Output Plug-ins

Other Uses

  •   Introduction
  •   Monitoring Network Performance
  •   Logging Application Traffic
  •   Recognizing HTTP Traffic on Unusual Ports
  •   Creating a Reactive IDS
  •   Monitoring a Network Using Policy-Based IDS
  •   Port Knocking
  •   Obfuscating IP Addresses
  •   Passive OS Fingerprinting
  •   Working with Honeypots and Honeynets
  •   Performing Forensics Using Snort
  •   Snort and Investigations
  •   Snort as Legal Evidence in the US
  •   Snort as Evidence in the UK
  •   Snort as a Virus Detection Tool
  •   Staying Legal


Apply for Certification

https://www.vskills.in/certification/Snort-Certification