анализ_трафика [2010/10/26 09:36] val created
анализ_трафика [2012/08/22 10:31] val
Line 1: | Line 1: | ||
====== Анализ трафика ====== | ====== Анализ трафика ====== | ||
+ | |||
+ | ===== SPAN ===== | ||
+ | |||
+ | ==== Cisco Switch ==== | ||
+ | <code> | ||
+ | monitor session 1 source interface f0/0 both | ||
+ | monitor session 1 destination interface f0/15 | ||
+ | </code> | ||
+ | |||
+ | ==== Unix ==== | ||
+ | <code> | ||
+ | server# ifconfig eth2|em2 up | ||
+ | |||
+ | server# tcpdump -ni eth2|em2 -A -s 0 "port 80" | ||
+ | </code> | ||
+ | |||
+ | ===== tcpdump, trafshow===== | ||
+ | |||
+ | ===== Выделение tcp сессий ===== | ||
+ | |||
+ | [[http://www.circlemud.org/~jelson/software/tcpflow/]] | ||
+ | |||
+ | ===== Анализ трафика для детектирования атак - пакет Snort ===== | ||
+ | |||
+ | [[Сервис SNORT]] | ||
+ | |||
+ | <code> | ||
+ | [server:~] # /usr/local/etc/rc.d/snort stop | ||
+ | [server:~] # pkg_delete -x snort | ||
+ | [server:~] # rm -r /usr/local/etc/snort/ | ||
+ | |||
+ | root@server:~# /etc/init.d/snort stop | ||
+ | root@server:~# apt-get purge snort | ||
+ | </code> | ||
+ | |||
+ | ===== Использование пакета Snortsam для блокировки хостов ===== | ||
+ | |||
+ | [[Сервис SNORTSAM]] | ||
+ | |||
+ | |||
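Review bot: the `eth2|em2` notation in the Unix block (`server# ifconfig eth2|em2 up` and the `tcpdump -ni eth2|em2 ...` line) is meant to read "eth2 or em2", but typed literally the shell treats `|` as a pipe and tries to run a command named `em2`, so neither line works as written; put the Linux and FreeBSD variants on separate lines, e.g. `ifconfig eth2 up` / `ifconfig em2 up` and `tcpdump -ni em2 -A -s 0 "port 80"`, or use a single placeholder interface name and say so in the text. The Snort section heading promises attack detection, yet the code block only shows the service stop and package removal commands for FreeBSD and Debian; a sentence stating that installation and configuration are documented on [[Сервис SNORT]] and that these lines are the teardown would keep readers from mistaking them for the setup procedure.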