snort 安裝

1. snort 官網地址

https://www.snort.org

2.本次安裝所需要的材料

機器：安裝好Centos 6.7 版本的虛擬機一個，

文件：

libdnet-debuginfo-1.12-13.1.el7.x86_64.rpm

libpcap-devel-1.4.0-4.20130826git2dbcaa1.el6.x86_64.rpm

snort-2.9.8.3.tar.gz （官網可以下載）

daq-2.0.6.tar.gz （官網可以下載）

libdnet-1.11.tar.gz

3.安裝步驟

1. 把文件複製 /tmp 目錄下

2. 安裝 libdnet

運行命令

rpm –i libdnet-debuginfo-1.12-13.1.el7.x86_64.rpm

即可安裝

3. 安裝 libpcap

運行命令

rpm -i libpcap -devel-1.4.0-4.20130826git2dbcaa1.el6.x86_64.rpm

即可安裝

libpcap是unix/linux平臺下的網絡數據包捕獲函數包，大多數網絡監控軟件都以它爲基礎。

4.安裝 libdnet-1.11.tar.gz

cd /usr/local/src <enter>

tar -zxvf /tmp/libdnet-1.11.tar.gz <enter>

cd /usr/local/src/libdnet-1.11 <enter>

./configure –with-pic <enter>
make <enter>

make install <enter>

libdnet 簡介：

libdnet 提供了簡單、可移植的接口來操作底層網絡，包括：

網址操作
內核 arp(4) 緩存和 route(4) 表查找和操作
網絡防火牆 (IP filter, ipfw, ipchains, pf, PktFilter, ...)
網絡接口查找和操作
IP tunnelling (BSD/Linux tun, Universal TUN/TAP device)
原始 IP包和以太網幀傳輸

支持的編程語言：

C, C++
Python
Perl, Ruby (see below)

支持的平臺：

BSD (OpenBSD, FreeBSD, NetBSD, BSD/OS)
Linux (Redhat, Debian, Slackware, etc.)
MacOS X
Windows (NT/2000/XP)
Solaris
IRIX
HP-UX
Tru64

授權協議： BSD
開發語言： C/C++
操作系統：跨平臺

5. 安裝 daq-2.0.6.tar.gz

cd /usr/local/src <enter>
tar -zxvf /tmp/daq-2.0.6.tar.gz <enter>

cd /usr/local/src/daq-2.0.6 <enter>
./configure <enter>
make <enter>

make install <enter>

6. 安裝 snort-2.9.8.3.tar.gz

cd /usr/local/src <enter>

tar -zxvf /tmp/snort-2.9.8.3.tar.gz <enter>

cd /usr/local/src/snort-2.9.8.x <enter>
  ./configure --enable-sourcefire <enter>
   make <enter>
  make install <enter>

7.檢查安裝成果

隨便切換到任意目錄下

[root@hcgCollect usr]# snort -v

控制檯就會打印如下信息：

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

WARNING: No preprocessors configured for policy 0.
05/27-11:39:34.691103 10.20.3.11:58913 -> 10.20.1.129:22
TCP TTL:63 TOS:0x0 ID:7447 IpLen:20 DgmLen:40 DF
***A**** Seq: 0xE7AF876E Ack: 0xA2BE809F Win: 0x100 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

05/27-11:39:34.692059 10.20.1.129:22 -> 10.20.3.11:58913
TCP TTL:64 TOS:0x10 ID:36146 IpLen:20 DgmLen:696 DF
***AP*** Seq: 0xA2BE89DF Ack: 0xE7AF876E Win: 0x190 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

WARNING: No preprocessors configured for policy 0.
05/27-11:39:34.692114 10.20.3.11:58913 -> 10.20.1.129:22
TCP TTL:63 TOS:0x0 ID:7448 IpLen:20 DgmLen:40 DF
***A**** Seq: 0xE7AF876E Ack: 0xA2BE848F Win: 0xFC TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

05/27-11:39:34.693060 10.20.1.129:22 -> 10.20.3.11:58913
TCP TTL:64 TOS:0x10 ID:36147 IpLen:20 DgmLen:696 DF
***AP*** Seq: 0xA2BE8C6F Ack: 0xE7AF876E Win: 0x190 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

05/27-11:39:34.694050 10.20.1.129:22 -> 10.20.3.11:58913
TCP TTL:64 TOS:0x10 ID:36148 IpLen:20 DgmLen:392 DF
***AP*** Seq: 0xA2BE8EFF Ack: 0xE7AF876E Win: 0x190 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

05/27-11:39:34.695051 10.20.1.129:22 -> 10.20.3.11:58913
TCP TTL:64 TOS:0x10 ID:36149 IpLen:20 DgmLen:392 DF
***AP*** Seq: 0xA2BE905F Ack: 0xE7AF876E Win: 0x190 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

按 crtl+c 退出當前運行，則會顯示如下信息：

===============================================================================
Run time for packet processing was 56.365547 seconds
Snort processed 54290 packets.
Snort ran for 0 days 0 hours 0 minutes 56 seconds
Pkts/sec: 969
===============================================================================
Memory usage summary:
Total non-mmapped bytes (arena): 806912
Bytes in mapped regions (hblkhd): 21590016
Total allocated space (uordblks): 669680
Total free space (fordblks): 137232
Topmost releasable block (keepcost): 133408
===============================================================================
Packet I/O Totals:
Received: 54292
Analyzed: 54290 ( 99.996%)
Dropped: 0 ( 0.000%)
Filtered: 0 ( 0.000%)
Outstanding: 2 ( 0.004%)
Injected: 0
===============================================================================
Breakdown by protocol (includes rebuilt packets):
Eth: 54290 (100.000%)
VLAN: 0 ( 0.000%)
IP4: 54152 ( 99.746%)
Frag: 0 ( 0.000%)
ICMP: 1 ( 0.002%)
UDP: 227 ( 0.418%)
TCP: 53883 ( 99.250%)
IP6: 123 ( 0.227%)
IP6 Ext: 128 ( 0.236%)
IP6 Opts: 5 ( 0.009%)
Frag6: 0 ( 0.000%)
ICMP6: 9 ( 0.017%)
UDP6: 111 ( 0.204%)
TCP6: 0 ( 0.000%)
Teredo: 7 ( 0.013%)
ICMP-IP: 0 ( 0.000%)
IP4/IP4: 0 ( 0.000%)
IP4/IP6: 0 ( 0.000%)
IP6/IP4: 0 ( 0.000%)
IP6/IP6: 0 ( 0.000%)
GRE: 0 ( 0.000%)
GRE Eth: 0 ( 0.000%)
GRE VLAN: 0 ( 0.000%)
GRE IP4: 0 ( 0.000%)
GRE IP6: 0 ( 0.000%)
GRE IP6 Ext: 0 ( 0.000%)
GRE PPTP: 0 ( 0.000%)
GRE ARP: 0 ( 0.000%)
GRE IPX: 0 ( 0.000%)
GRE Loop: 0 ( 0.000%)
MPLS: 0 ( 0.000%)
ARP: 20 ( 0.037%)
IPX: 0 ( 0.000%)
Eth Loop: 0 ( 0.000%)
Eth Disc: 0 ( 0.000%)
IP4 Disc: 36 ( 0.066%)
IP6 Disc: 0 ( 0.000%)
TCP Disc: 0 ( 0.000%)
UDP Disc: 0 ( 0.000%)
ICMP Disc: 0 ( 0.000%)
All Discard: 36 ( 0.066%)
Other: 7 ( 0.013%)
Bad Chk Sum: 35270 ( 64.966%)
Bad TTL: 0 ( 0.000%)
S5 G 1: 0 ( 0.000%)
S5 G 2: 0 ( 0.000%)
Total: 54290
===============================================================================
Snort exiting

8.到此snort環境搭建已經成功，如果需要正式投入生產中，需要創建規則，此處不做介紹。

vue項目獲取富文本編輯器wangEditor內容導出爲word（html轉word格式並下載）

dotnet C# 創建 X11 應用時設置窗口背景顏色

Navicat安裝與激活教程

TDengine docker安裝方法

vue3組件通信與props

sapui5

Alpine Linux apk add DNS lookup error

部分JDK版本的發佈時間

工作中用到的腳本合集

合併代碼時Beyond Compare設置

Eclipse安裝反編譯插件（jad）

windows 下關於文件被佔用，如何清理問題

linux系統下mysql主從配置

linux下mysql安裝

WIN10如何利用管理員身份修改host文件

https://yachay.unat.edu.pe/blog/index.php?comment_area=format_blog&comment_component=blog&comment_co

linux以太網驅動總結