Snort (Intrusion Detection System)
Snort is a rule-based IDS. It works in three different modes:

1) Sniffer Mode
2) Packet Logger Mode
3) Network Intrusion Detection Mode

1) Sniffer Mode: Sniffer Mode dumps the data in the header and body of each packet to the screen while Snort is running. To start Snort so that it displays all application data, enter the command as follows:

./snort -d     -> works in most versions of Snort
./snort -dv    -> use this if you get an error message

2) Packet Logger Mode: Packet Logger Mode differs from Sniffer Mode in that the packet data and headers are written to the hard drive of the host on which Snort is running. To write to the directory named log, use the following command:

./snort -dev -l ./log

To capture the logging data on the local network, it is necessary to enter the IP address range of the network:

./snort -dev -l ./log -h 192.1
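
The sniffer and packet logger invocations above, wrapped in a small shell helper as an added example (not part of the original page or of Snort itself). The function names snort_cmd and is_cidr, the owner-only permission on the log directory, and the sample network 192.0.2.0/24 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original page. snort_cmd and is_cidr are
# hypothetical helper names; 192.0.2.0/24 is a constructed sample network.

# is_cidr NET: succeed only if NET is a.b.c.d/len with octets 0-255, len 0-32.
is_cidr() {
    case "$1" in *[!0-9./]*) return 1 ;; */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# snort_cmd MODE [LOGDIR [HOME_NET]]: print the command line to run.
snort_cmd() {
    mode=$1; logdir=${2:-./log}; home_net=${3:-}
    case "$mode" in
        sniffer)
            echo "./snort -d" ;;
        logger)
            # Snort exits with an error if the log directory is missing.
            # Logged payloads can hold credentials, so the directory is
            # made owner-only (a choice of this example).
            mkdir -p "$logdir" && chmod 700 "$logdir" || return 1
            if [ -n "$home_net" ]; then
                is_cidr "$home_net" || {
                    echo "bad home network: $home_net" >&2; return 2; }
                echo "./snort -dev -l $logdir -h $home_net"
            else
                echo "./snort -dev -l $logdir"
            fi ;;
        *)
            echo "usage: snort_cmd sniffer|logger [logdir [home_net]]" >&2
            return 64 ;;
    esac
}
```

Calling snort_cmd logger ./log 192.0.2.0/24 prepares ./log and prints the logger command; a malformed network is rejected before Snort is started.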