Module-3

• Components
  – Sensor
  – Director
  – Post Office

Device Configuration (contd.)
• Command - show ip access-lists
  - Shows which access lists are applied and what traffic is denied by them.
• Command - no ip route-cache
  - If the router is not heavily loaded, debugging can be done at a packet level on the extended or ip inspect access list.
  Then in enable (but not config) mode:
    term mon               // terminal monitor command - can be used with log options also
    debug ip packet # det  // Exec command to display IP debug and IP security option output (# is the access-list number, det = detail)
  Output:
    *Mar 1 04:38:28.078: IP: s=10.31.1.161 (Serial0), d=171.68.118.100 (Ethernet0), g=10.31.1.21, len 100, forward
    *Mar 1 04:38:28.086: IP: s=171.68.118.100 (Ethernet0), d=9.9.9.9 (Serial0), g=9.9.9.9, len 100, forward
• Extended Access list
    access-list 101 deny ip host 171.68.118.100 host 10.31.1.161 log
    access-list 101 permit ip any any
  Output:
    *Mar 1 04:44:19.446: %SEC-6-IPACCESSLOGDP: list 111 permitted icmp 171.68.118.100 -> 10.31.1.161 (0/0), 15 packets
    *Mar 1 03:27:13.295: %SEC-6-IPACCESSLOGP: list 118 denied tcp 171.68.118.100(0) -> 10.31.1.161(0), 1 packet
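The ACL log messages and debug ip packet lines shown on the slide are what an operator usually forwards to a collector; the following is an added example (not from the slides or from Cisco) of a small Python parser for the two %SEC-6-IPACCESSLOG message forms shown (IPACCESSLOGP with ports, IPACCESSLOGDP with ICMP type/code) and for debug ip packet lines, plus a helper that totals denied packets per source address. The sample lines are the ones on the slide; the names AclEvent, DebugPacket, parse_acl_log, parse_debug_packet and denied_packets_by_source are this example's own.

```python
"""Parse Cisco IOS ACL log messages and 'debug ip packet' lines into
structured records and summarise denied traffic per source host.
Added example; the sample lines are the ones shown on the slide."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

# %SEC-6-IPACCESSLOGP  : tcp/udp,  "src(port) -> dst(port)"
# %SEC-6-IPACCESSLOGDP : icmp,     "src -> dst (type/code)"
ACL_LOG_RE = re.compile(
    r"%SEC-6-(?P<msg>IPACCESSLOGD?P): list (?P<acl>\S+) "
    r"(?P<action>permitted|denied) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?"
    r"(?: \((?P<itype>\d+)/(?P<icode>\d+)\))?, (?P<count>\d+) packets?"
)

# One line of 'debug ip packet' output: addresses with interfaces, gateway, length, verdict
DEBUG_PKT_RE = re.compile(
    r"IP: s=(?P<src>[\d.]+) \((?P<in_if>[^)]+)\), d=(?P<dst>[\d.]+) \((?P<out_if>[^)]+)\), "
    r"g=(?P<gw>[\d.]+), len (?P<length>\d+), (?P<verdict>\w+)"
)


@dataclass
class AclEvent:
    acl: str
    action: str
    proto: str
    src: str
    dst: str
    packets: int
    sport: Optional[int] = None
    dport: Optional[int] = None
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None


@dataclass
class DebugPacket:
    src: str
    in_if: str
    dst: str
    out_if: str
    gateway: str
    length: int
    verdict: str


def _normalise(line: str) -> str:
    # Text copied out of slides/PDFs often carries Unicode minus (U+2212) where IOS prints '-'
    return line.replace("\u2212", "-")


def _opt_int(value: Optional[str]) -> Optional[int]:
    return int(value) if value is not None else None


def parse_acl_log(line: str) -> Optional[AclEvent]:
    """Return an AclEvent for a %SEC-6-IPACCESSLOG(D)P line, or None if it is not one."""
    m = ACL_LOG_RE.search(_normalise(line))
    if not m:
        return None
    return AclEvent(
        acl=m["acl"], action=m["action"], proto=m["proto"],
        src=m["src"], dst=m["dst"], packets=int(m["count"]),
        sport=_opt_int(m["sport"]), dport=_opt_int(m["dport"]),
        icmp_type=_opt_int(m["itype"]), icmp_code=_opt_int(m["icode"]),
    )


def parse_debug_packet(line: str) -> Optional[DebugPacket]:
    """Return a DebugPacket for a 'debug ip packet' line, or None if it is not one."""
    m = DEBUG_PKT_RE.search(_normalise(line))
    if not m:
        return None
    return DebugPacket(src=m["src"], in_if=m["in_if"], dst=m["dst"], out_if=m["out_if"],
                       gateway=m["gw"], length=int(m["length"]), verdict=m["verdict"])


def denied_packets_by_source(lines: Iterable[str]) -> Counter:
    """Sum the packet counts of 'denied' ACL log entries per source address."""
    totals: Counter = Counter()
    for line in lines:
        ev = parse_acl_log(line)
        if ev is not None and ev.action == "denied":
            totals[ev.src] += ev.packets
    return totals


# Sample lines taken from the slide (ACL log and debug ip packet output)
SAMPLE_LINES = [
    "*Mar 1 04:44:19.446: %SEC-6-IPACCESSLOGDP: list 111 permitted icmp 171.68.118.100 -> 10.31.1.161 (0/0), 15 packets",
    "*Mar 1 03:27:13.295: %SEC-6-IPACCESSLOGP: list 118 denied tcp 171.68.118.100(0) -> 10.31.1.161(0), 1 packet",
    "*Mar 1 04:38:28.078: IP: s=10.31.1.161 (Serial0), d=171.68.118.100 (Ethernet0), g=10.31.1.21, len 100, forward",
    "*Mar 1 04:38:28.086: IP: s=171.68.118.100 (Ethernet0), d=9.9.9.9 (Serial0), g=9.9.9.9, len 100, forward",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_acl_log(sample) or parse_debug_packet(sample))
    print(denied_packets_by_source(SAMPLE_LINES))
```

Each ACL log line already carries a packet count (IOS aggregates matches per log interval), so the summary adds those counts rather than counting lines; the Unicode-minus normalisation only matters for text pasted from slides or PDFs, live syslog uses plain ASCII hyphens.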
Start Suricata
  # service suricata start
  Process listing for the running daemon:
  28296 107 59.9 366140 304160 ? Ssl 22:47 0:05 /usr/bin/suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid -i eth0 -D -v --user=suricata
Snort
• Open Source NIDS
• Packet sniffer
• Works through traffic analysis and packet logging on IP networks.
• Runs in 4 modes:
  – Sniffer mode
  – Packet logger mode
  – IDS mode
  – IPS mode

Configuring Snort
• Setting up Snort on Ubuntu from the source code consists of a couple of steps: downloading the code, configuring it, compiling the code, installing it to an appropriate directory, and lastly configuring the detection rules.
  - Validating Settings