Rule-based SIDs are written directly into the rules


Rule-based SIDs are written directly into the rules with the sid option. The third number is the revision ID. This number is primarily used when writing signatures, as each revision of the rule should increment this number with the rev option.

There are a number of alert modes, selected by appending the -A option to the command. We will be making use of the fast, full and test modes.

Please use the PCAP file for this assignment. It can be found at /home/student/snort_src/InfectedPcaps/infected.pcap. To read a pcap file using Snort, you can use one of the following options:

$ sudo snort -r <file>
$ sudo snort --pcap-single=<file>

Please wait for the message "Snort exiting" before reading the results.

SUBMIT FOR THE ASSIGNMENT: Answer the following questions using the alert log file provided. Please provide screenshots wherever necessary. Please turn in a single report containing answers and analysis to the questions below in PDF format.
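As an added example (not part of the assignment and not Snort's own code), the following Python parser reads alert lines in the -A fast format, extracts the gid:sid:rev triple that the sid and rev options produce, and aggregates hits per rule so the alert log can be answered from programmatically. It assumes the Snort 2.x fast-line layout, and the sample alerts are constructed, not taken from infected.pcap.

```python
import re
from collections import Counter

# One "-A fast" alert per line; Classification is optional, ICMP has no ports.
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s*"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s*)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s*"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample alerts (not output from the assignment's infected.pcap).
SAMPLE_ALERTS = """\
03/09-14:05:47.123456  [**] [1:1000001:2] CONSTRUCTED local rule A [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:49152 -> 198.51.100.5:80
03/09-14:05:48.000001  [**] [1:1000001:2] CONSTRUCTED local rule A [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:49153 -> 198.51.100.5:80
03/09-14:05:49.500000  [**] [1:1000002:1] CONSTRUCTED local rule B [**] [Priority: 3] {UDP} 192.0.2.11:5353 -> 224.0.0.251:5353
03/09-14:05:50.250000  [**] [1:5000:3] CONSTRUCTED distributed-rule alert [**] [Classification: Potentially Bad Traffic] [Priority: 1] {ICMP} 192.0.2.12 -> 198.51.100.5
"""

def is_local_sid(sid):
    """SIDs of 1,000,000 and above are reserved for locally written rules."""
    return sid >= 1_000_000

def parse_fast_alert(line):
    """Return a dict for one fast-format line, or None if it does not match."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    for key in ("gid", "sid", "rev", "prio"):
        a[key] = int(a[key])
    a["local"] = is_local_sid(a["sid"])
    return a

def host_of(endpoint, proto):
    """Strip the port from 'ip:port' for TCP/UDP; ICMP endpoints have none."""
    return endpoint.rsplit(":", 1)[0] if proto in ("TCP", "UDP") else endpoint

def summarize(text):
    """Aggregate an alert file: hits per gid:sid:rev, best priority, sources."""
    alerts = [a for a in map(parse_fast_alert, text.splitlines()) if a]
    return {
        "total": len(alerts),
        "by_rule": dict(Counter((a["gid"], a["sid"], a["rev"]) for a in alerts)),
        "top_priority": min((a["prio"] for a in alerts), default=None),
        "sources": sorted({host_of(a["src"], a["proto"]) for a in alerts}),
        "local_rule_hits": sum(a["local"] for a in alerts),
    }
```

Point summarize() at the contents of the alert file written by -A fast; lines that do not match the pattern (for example, a full-mode log) are skipped rather than miscounted.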
  • Spring '16
  • keith