Table of Contents

  1. Chapter 1 Installation and Optimization

    1. Introduction

    2. Installing Snort from Source on Unix

    3. Installing Snort Binaries on Linux

    4. Installing Snort on Solaris

    5. Installing Snort on Windows

    6. Uninstalling Snort from Windows

    7. Installing Snort on Mac OS X

    8. Uninstalling Snort from Linux

    9. Upgrading Snort on Linux

    10. Monitoring Multiple Network Interfaces

    11. Invisibly Tapping a Hub

    12. Invisibly Sniffing Between Two Network Points

    13. Invisibly Sniffing 100 MB Ethernet

    14. Sniffing Gigabit Ethernet

    15. Tapping a Wireless Network

    16. Positioning Your IDS Sensors

    17. Capturing and Viewing Packets

    18. Logging Packets That Snort Captures

    19. Running Snort to Detect Intrusions

    20. Reading a Saved Capture File

    21. Running Snort as a Linux Daemon

    22. Running Snort as a Windows Service

    23. Capturing Without Putting the Interface into Promiscuous Mode

    24. Reloading Snort Settings

    25. Debugging Snort Rules

    26. Building a Distributed IDS (Plain Text)

    27. Building a Distributed IDS (Encrypted)

  2. Chapter 2 Logging, Alerts, and Output Plug-ins

    1. Introduction

    2. Logging to a File Quickly

    3. Logging Only Alerts

    4. Logging to a CSV File

    5. Logging to a Specific File

    6. Logging to Multiple Locations

    7. Logging in Binary

    8. Viewing Traffic While Logging

    9. Logging Application Data

    10. Logging to the Windows Event Viewer

    11. Logging Alerts to a Database

    12. Installing and Configuring MySQL

    13. Configuring MySQL for Snort

    14. Using PostgreSQL with Snort and ACID

    15. Logging in PCAP Format (TCPDump)

    16. Logging to Email

    17. Logging to a Pager or Cell Phone

    18. Optimizing Logging

    19. Reading Unified Logged Data

    20. Generating Real-Time Alerts

    21. Ignoring Some Alerts

    22. Logging to System Logfiles

    23. Fast Logging

    24. Logging to a Unix Socket

    25. Not Logging

    26. Prioritizing Alerts

    27. Capturing Traffic from a Specific TCP Session

    28. Killing a Specific Session

  3. Chapter 3 Rules and Signatures

    1. Introduction

    2. How to Build Rules

    3. Keeping the Rules Up to Date

    4. Basic Rules You Shouldn't Leave Home Without

    5. Dynamic Rules

    6. Detecting Binary Content

    7. Detecting Malware

    8. Detecting Viruses

    9. Detecting IM

    10. Detecting P2P

    11. Detecting IDS Evasion

    12. Countermeasures from Rules

    13. Testing Rules

    14. Optimizing Rules

    15. Blocking Attacks in Real Time

    16. Suppressing Rules

    17. Thresholding Alerts

    18. Excluding from Logging

    19. Carrying Out Statistical Analysis

  4. Chapter 4 Preprocessing: An Introduction

    1. Introduction

    2. Detecting Stateless Attacks and Stream Reassembly

    3. Detecting Fragmentation Attacks and Fragment Reassembly with Frag2

    4. Detecting and Normalizing HTTP Traffic

    5. Decoding Application Traffic

    6. Detecting Port Scans and Talkative Hosts

    7. Getting Performance Metrics

    8. Experimental Preprocessors

    9. Writing Your Own Preprocessor

  5. Chapter 5 Administrative Tools

    1. Introduction

    2. Managing Snort Sensors

    3. Installing and Configuring IDScenter

    4. Installing and Configuring SnortCenter

    5. Installing and Configuring Snortsnarf

    6. Running Snortsnarf Automatically

    7. Installing and Configuring ACID

    8. Securing ACID

    9. Installing and Configuring Swatch

    10. Installing and Configuring Barnyard

    11. Administering Snort with IDS Policy Manager

    12. Integrating Snort with Webmin

    13. Administering Snort with HenWen

    14. Newbies Playing with Snort Using EagleX

  6. Chapter 6 Log Analysis

    1. Introduction

    2. Generating Statistical Output from Snort Logs

    3. Generating Statistical Output from Snort Databases

    4. Performing Real-Time Data Analysis

    5. Generating Text-Based Log Analysis

    6. Creating HTML Log Analysis Output

    7. Tools for Testing Signatures

    8. Analyzing and Graphing Logs

    9. Analyzing Sniffed (Pcap) Traffic

    10. Writing Output Plug-ins

  7. Chapter 7 Miscellaneous Other Uses

    1. Introduction

    2. Monitoring Network Performance

    3. Logging Application Traffic

    4. Recognizing HTTP Traffic on Unusual Ports

    5. Creating a Reactive IDS

    6. Monitoring a Network Using Policy-Based IDS

    7. Port Knocking

    8. Obfuscating IP Addresses

    9. Passive OS Fingerprinting

    10. Working with Honeypots and Honeynets

    11. Performing Forensics Using Snort

    12. Snort and Investigations

    13. Snort as Legal Evidence in the U.S.

    14. Snort as Evidence in the U.K.

    15. Snort as a Virus Detection Tool

    16. Staying Legal

  Colophon