This shows you the differences between two versions of the page.
анализ_трафика [2011/09/21 15:18] val |
анализ_трафика [2012/08/22 10:31] val |
||
---|---|---|---|
Line 11: | Line 11: | ||
==== Unix ==== | ==== Unix ==== | ||
<code> | <code> | ||
- | server# ifconfig eth1|le1 up | + | server# ifconfig eth2|em2 up |
- | server# tcpdump -ni eth1|le1 -A -s 0 "port 80" | + | server# tcpdump -ni eth2|em2 -A -s 0 "port 80" |
</code> | </code> | ||
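Review bot: the new interface argument `eth2|em2` on both changed lines still uses `|` to mean "Linux name or FreeBSD name", but inside a `<code>` block a reader who copies the line gets a shell pipe: `ifconfig eth2` piped into a command called `em2 up`, and `tcpdump -ni eth2` piped into `em2 -A -s 0 "port 80"`. Since the lines are being touched anyway, split each into one line per OS (as the Snort section of this page already does with separate prompts), or state next to the block that `eth2|em2` is a choice and not literal input. It would also help to say why the capture interface moved from `eth1|le1` to `eth2|em2`, because the surrounding text visible here does not explain which interface the lab topology expects.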
Line 22: | Line 22: | ||
[[http://www.circlemud.org/~jelson/software/tcpflow/]] | [[http://www.circlemud.org/~jelson/software/tcpflow/]] | ||
- | ===== Анализ трафика для предотвращения атак - пакет Snort ===== | + | ===== Анализ трафика для детектирования атак - пакет Snort ===== |
[[Сервис SNORT]] | [[Сервис SNORT]] | ||
<code> | <code> | ||
+ | [server:~] # /usr/local/etc/rc.d/snort stop | ||
[server:~] # pkg_delete -x snort | [server:~] # pkg_delete -x snort | ||
[server:~] # rm -r /usr/local/etc/snort/ | [server:~] # rm -r /usr/local/etc/snort/ | ||
- | root@server.corpX.un:~# apt-get purge snort | + | root@server:~# /etc/init.d/snort stop |
+ | root@server:~# apt-get purge snort | ||
</code> | </code> | ||
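Review bot: the two added stop lines (`/usr/local/etc/rc.d/snort stop` and `/etc/init.d/snort stop`) are not followed by any check that the daemon has actually exited before `pkg_delete -x snort`, `rm -r /usr/local/etc/snort/` and `apt-get purge snort` run. Stopping first is the right order, but a one-line process check after each stop (for example `pgrep snort` returning nothing) would make the cleanup step verifiable; on the FreeBSD side also consider `onestop`, which works when the service is not enabled in rc.conf. Separately, the heading change from "предотвращения атак" to "детектирования атак" alters the section title, so any links elsewhere in the wiki that point at the old section name should be checked, and the Debian prompt changed from `root@server.corpX.un:~#` to `root@server:~#`, which should match whatever prompt style the rest of the page uses.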