

UUASC Snort/Acid Presentation - Anatomy of Snort


Slide 13


Note

* Capture: this stage listens for packets on the promiscuous-mode interface and copies each packet.
* Preprocess: normalizes the packet data before matching: removes things like URL encoding, converts /etc/./password to /etc/password, and the like
* Match: compares each packet to a set of rules to see if it matches
* Log/alert: if ( $packet =~ m/$rule/ ) pass it to MySQL for
* Alert: ACID displays the alert, snortalert.pl sends an ema
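
Why Preprocess has to run before Match, as an added example (not part of the original slides and not Snort's own code): a constructed rule for /etc/password is tested against constructed request paths with and without normalization. The rule, the sample paths and the function names preprocess, match and compare are assumptions, and the encoded variants go beyond the single case on the slide.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed signature standing in for one rule's content match.
RULE = re.compile(r"/etc/password")

# Constructed request paths: the slide's own case plus encoded variants.
SAMPLES = [
    "/etc/password",
    "/etc/./password",
    "/etc/%2e/password",
    "/%65tc//password",
    "/etc/%252e/password",
    "/index.html",
]


def preprocess(uri: str) -> str:
    """Preprocess stage: undo URL encoding, then canonicalize the path."""
    path = uri.split("?", 1)[0]
    # Decode until stable so double encoding (%252e -> %2e -> .) is undone;
    # the bound keeps a crafted input from looping indefinitely.
    for _ in range(5):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = re.sub(r"/+", "/", path.replace("\\", "/"))
    # normpath removes "/./" segments and resolves "dir/../".
    return posixpath.normpath(path)


def match(uri: str, normalize: bool = True) -> bool:
    """Match stage: test the (optionally normalized) path against RULE."""
    return RULE.search(preprocess(uri) if normalize else uri) is not None


def compare(samples=SAMPLES):
    """Return (uri, hit_without_preprocess, hit_with_preprocess) per sample."""
    return [(u, match(u, normalize=False), match(u)) for u in samples]


if __name__ == "__main__":
    for uri, raw_hit, norm_hit in compare():
        print(f"{uri:24} raw={raw_hit!s:5} normalized={norm_hit}")
```

Without the preprocess step only the literal path hits the rule; with it, every variant of the same path does and /index.html still does not.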
Created on Wednesday 30 June 2004 by Nicholas Bernstein with KPresenter