This shows you the differences between two versions of the page.
анализ_трафика [2011/01/19 14:59] val |
анализ_трафика [2013/10/07 13:43] (current) val [Cisco Switch] |
||
---|---|---|---|
Line 4: | Line 4: | ||
==== Cisco Switch ==== | ==== Cisco Switch ==== | ||
- | <code> | ||
- | monitor session 1 source interface f0/1 both | ||
- | monitor session 1 destination interface f0/2 | ||
- | </code> | ||
+ | * Настройка [[Оборудование уровня 2 Cisco Catalyst#SPAN]] на switch | ||
==== Unix ==== | ==== Unix ==== | ||
<code> | <code> | ||
- | server# ifconfig eth1|le1 up | + | server# ifconfig eth2|em2 up |
- | server# tcpdump -ni eth1|le1 -A -s 0 "port 80" | + | server# tcpdump -ni eth2|em2 -A -s 0 "port 80" |
</code> | </code> | ||
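Review bot: In the Unix block the changed lines still write the interface as `eth2|em2` inside the command itself, and a shell reading that line as pasted treats the `|` as a pipe rather than as "one or the other". Add a line next to the block saying the reader picks a single interface name, and say why the example moved from eth1|le1 to eth2|em2, since the diff gives no reason. In the Cisco Switch section the two `monitor session 1` lines are replaced by a link only, so check that the linked SPAN page carries both the source and the destination command before the inline copy is dropped.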
Line 22: | Line 19: | ||
[[http://www.circlemud.org/~jelson/software/tcpflow/]] | [[http://www.circlemud.org/~jelson/software/tcpflow/]] | ||
- | ===== Анализ трафика для предотвращения атак - пакет Snort ===== | + | ===== Анализ трафика для детектирования атак - пакет Snort ===== |
[[Сервис SNORT]] | [[Сервис SNORT]] | ||
- | ===== Использование пакета Snortsam для блокировки хостов ===== | + | ===== Анализ трафика для предотвращения атак - пакет Snortsam ===== |
[[Сервис SNORTSAM]] | [[Сервис SNORTSAM]] | ||
- | |||
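Review bot: The renamed Snortsam heading drops the words "для блокировки хостов" (for blocking hosts), which was the only place in this region that said what the package actually does, and both headings now open with the same "Анализ трафика для ..." phrase and differ by a single word. Keep the host-blocking wording in the Snortsam heading so the detection section (Snort) and the prevention section (Snortsam) stay easy to tell apart. The last removed line is an empty trailing line and needs no comment.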