
snort command


After copying a command, replace the bracketed file names, directories, or parameters as needed for your system.

Common examples

Sniffer mode

snort -v -i [eth0]

Packet logger

snort -dev -l [/var/log/snort] -i [eth0]

IDS mode

snort -c [/etc/snort/snort.conf] -i [eth0]

Test configuration

snort -T -c [/etc/snort/snort.conf]

Read pcap file

snort -r [capture.pcap] -c [snort.conf]

Daemon mode

snort -D -c [snort.conf] -i [eth0]

Alert modes

snort -A [fast] -c [snort.conf] -i [eth0]

Description

snort is an open-source network intrusion detection and prevention system (IDS/IPS) that performs real-time traffic analysis and packet logging. It examines network traffic against a set of user-defined rules to detect attacks, probes, and suspicious activity. The tool operates in three modes: sniffer mode displays packets on the console, logger mode records traffic to pcap files for offline analysis, and IDS mode applies detection rules and generates alerts. Rules use a flexible language that matches on protocol, content patterns, flow direction, and other packet characteristics. Snort can operate inline as an IPS to actively block detected threats, or passively as an IDS that only monitors and alerts. Its rule format has become an industry standard, with thousands of community and commercial rules available for detecting known vulnerabilities, malware, and policy violations.
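As an added example (not part of this reference page and not Snort's own code), the following Python parses the one-line alerts that `snort -A fast` writes (to the console, or to the alert file in the `-l` log directory) into structured records and rolls them up by priority, signature, and source address, which is the first triage step after running snort in IDS mode. The sample lines are constructed to mirror the documented fast format (Snort 2 unquoted and Snort 3 quoted message forms, with and without a classification); the regular expression handles IPv4 addresses only.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample of "snort -A fast" alert lines (not real traffic):
# two Snort 2 style TCP alerts, an ICMP alert (no ports), a Snort 3 style
# line with the message in double quotes and no classification, and one
# junk line that the parser must skip.
SAMPLE_ALERTS = """\
08/10-14:23:01.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.5:51234
08/10-14:23:02.000001  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:80 -> 10.0.0.7:49152
08/10-14:23:05.555555  [**] [1:384:5] ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.10
08/10-14:24:10.000000  [**] [1:1000001:1] "LOCAL suspicious user-agent" [**] [Priority: 1] {TCP} 10.0.0.5:51300 -> 203.0.113.9:80
this line is not an alert and must be skipped
"""

# One fast-format alert: timestamp (optionally with year), [gid:sid:rev],
# message, optional classification, priority, protocol, and src -> dst with
# optional ports. IPv4 only: IPv6 addresses also contain colons.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}(?:/\d{2,4})?-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r'"?(?P<msg>.*?)"?\s+\[\*\*\]\s*'
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s*)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s*"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+?)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\S+?)(?::(?P<dport>\d+))?\s*$"
)


@dataclass(frozen=True)
class Alert:
    timestamp: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: int
    proto: str
    src: str
    src_port: Optional[int]
    dst: str
    dst_port: Optional[int]


def parse_fast_alert(line: str) -> Optional[Alert]:
    """Parse one fast-format line; return None for lines that do not match."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    return Alert(
        timestamp=m["ts"],
        gid=int(m["gid"]),
        sid=int(m["sid"]),
        rev=int(m["rev"]),
        msg=m["msg"],
        classification=m["cls"],
        priority=int(m["prio"]),
        proto=m["proto"],
        src=m["src"],
        src_port=int(m["sport"]) if m["sport"] else None,
        dst=m["dst"],
        dst_port=int(m["dport"]) if m["dport"] else None,
    )


def parse_fast_alerts(text: str) -> list:
    """Parse a whole alert file, skipping lines that are not alerts."""
    alerts = []
    for line in text.splitlines():
        a = parse_fast_alert(line)
        if a is not None:
            alerts.append(a)
    return alerts


def summarize(alerts) -> dict:
    """Roll alerts up the way a first triage pass would: by priority
    (1 is the most severe), by signature, and by source address."""
    return {
        "by_priority": Counter(a.priority for a in alerts),
        "by_signature": Counter((a.gid, a.sid, a.rev) for a in alerts),
        "by_source": Counter(a.src for a in alerts),
        "high_priority": [a for a in alerts if a.priority == 1],
    }


if __name__ == "__main__":
    found = parse_fast_alerts(SAMPLE_ALERTS)
    report = summarize(found)
    print(f"{len(found)} alerts parsed")
    for prio, n in sorted(report["by_priority"].items()):
        print(f"  priority {prio}: {n}")
    for (gid, sid, rev), n in report["by_signature"].most_common():
        print(f"  [{gid}:{sid}:{rev}] x{n}")
    for a in report["high_priority"]:
        print(f"  HIGH {a.timestamp} {a.src}:{a.src_port} -> {a.dst}:{a.dst_port} {a.msg}")
```

To use it on a real deployment, read the alert file from the `-l` directory instead of `SAMPLE_ALERTS`; non-matching lines (for example full-mode multi-line records, or IPv6 addresses) are returned as `None` and skipped rather than mis-parsed, so check the dropped-line count when the format is not what you expect.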

Parameters

-c _FILE_
Configuration file.
-i _INTERFACE_
Network interface.
-l _DIR_
Log directory.
-A _MODE_
Alert mode (fast, full, console).
-D
Daemon mode.
-r _FILE_
Read pcap.
-T
Test configuration.
-v
Verbose: print packet headers to the console.
-d
Dump application-layer packet data.
-e
Display the link-layer (layer 2) header.

FAQ

What is the snort command used for?

snort is a network IDS/IPS: it sniffs live traffic or reads a pcap, matches it against rules, and logs packets or raises alerts. The three operating modes and the rule language are covered in the description above.

How do I run a basic snort example?

Run `snort -v -i [eth0]` in a terminal (capturing packets requires root or equivalent capture privileges), then replace the interface and any other bracketed placeholders with the values for your system.

What does -c _FILE_ do in snort?

It selects the Snort configuration file (for example `/etc/snort/snort.conf`), which defines variables, preprocessors, output plugins, and the rule files to load; without it snort runs in sniffer or logger mode only. Use `-T` with the same `-c` to validate the file before starting IDS mode.