No preamble, straight to the useful part!

  I won't go over the basic concept of the tcpdump binary format here.

  Two sniffer tools that support the tcpdump binary format, to name just a couple: tcpdump and ethereal.

[root@datatest SecondWeek]# pwd
/root/data/DARPA1999/SecondWeek
[root@datatest SecondWeek]# ll
total
-rw-r--r--. root root Aug : inside.tcpdump
[root@datatest SecondWeek]# snort -dv -r inside.tcpdump

  Here I am reading the inside.tcpdump binary capture (the inside-network trace) from week two of the DARPA 1999 dataset.

   I won't say much about the -r option: it reads a tcpdump-format binary file and prints it to the screen.

  Let me expand on this a bit.

[root@datatest SecondWeek]# snort -v 

  This option makes Snort print only the IP, TCP, UDP and ICMP packet headers.

[root@datatest SecondWeek]# snort -v -r inside.tcpdump
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

WARNING: No preprocessors configured for policy .
/-::46.461764 207.25.71.141: -> 172.16.112.194:
TCP TTL: TOS:0x0 ID: IpLen: DgmLen:
***A**S* Seq: 0x328B83B0 Ack: 0x48DA2A1F Win: 0x7FE0 TcpLen:
TCP Options () => MSS:
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
WARNING: No preprocessors configured for policy .
/-::46.461920 172.16.112.194: -> 207.25.71.141:
TCP TTL: TOS:0x0 ID: IpLen: DgmLen: DF
***A**** Seq: 0x48DA2A1F Ack: 0x328B83B1 Win: 0x7D78 TcpLen:
*** Caught Int-Signal
WARNING: No preprocessors configured for policy .
/-::46.869826 172.16.112.194: -> 207.25.71.141:
TCP TTL: TOS:0x0 ID: IpLen: DgmLen: DF
***A**** Seq: 0x6F2E7AF7 Ack: 0xB057C6D7 Win: 0x7D78 TcpLen:
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
===============================================================================
Run time for packet processing was 0.228905 seconds
Snort processed packets.
Snort ran for days hours minutes seconds
Pkts/sec:
===============================================================================
Memory usage summary:
Total non-mmapped bytes (arena):
Bytes in mapped regions (hblkhd):
Total allocated space (uordblks):
Total free space (fordblks):
Topmost releasable block (keepcost):
===============================================================================
Packet I/O Totals:
Received:
Analyzed: (100.000%)
Dropped: ( 0.000%)
Filtered: ( 0.000%)
Outstanding: ( 0.000%)
Injected:
===============================================================================
Breakdown by protocol (includes rebuilt packets):
Eth: (100.000%)
VLAN: ( 0.000%)
IP4: ( 97.319%)
Frag: ( 0.000%)
ICMP: ( 0.000%)
UDP: ( 10.590%)
TCP: ( 86.729%)
IP6: ( 0.000%)
IP6 Ext: ( 0.000%)
IP6 Opts: ( 0.000%)
Frag6: ( 0.000%)
ICMP6: ( 0.000%)
UDP6: ( 0.000%)
TCP6: ( 0.000%)
Teredo: ( 0.000%)
ICMP-IP: ( 0.000%)
IP4/IP4: ( 0.000%)
IP4/IP6: ( 0.000%)
IP6/IP4: ( 0.000%)
IP6/IP6: ( 0.000%)
GRE: ( 0.000%)
GRE Eth: ( 0.000%)
GRE VLAN: ( 0.000%)
GRE IP4: ( 0.000%)
GRE IP6: ( 0.000%)
GRE IP6 Ext: ( 0.000%)
GRE PPTP: ( 0.000%)
GRE ARP: ( 0.000%)
GRE IPX: ( 0.000%)
GRE Loop: ( 0.000%)
MPLS: ( 0.000%)
ARP: ( 1.072%)
IPX: ( 0.000%)
Eth Loop: ( 1.340%)
Eth Disc: ( 0.000%)
IP4 Disc: ( 0.000%)
IP6 Disc: ( 0.000%)
TCP Disc: ( 0.000%)
UDP Disc: ( 0.000%)
ICMP Disc: ( 0.000%)
All Discard: ( 0.000%)
Other: ( 0.268%)
Bad Chk Sum: ( 0.000%)
Bad TTL: ( 0.000%)
S5 G : ( 0.000%)
S5 G : ( 0.000%)
Total:
===============================================================================
Snort exiting
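As an added example (my own code, not from the original post or from Snort), here is a small Python reader for the tcpdump/pcap binary format that decodes the Ethernet/IPv4/TCP headers and formats them the way snort -v prints them above. The capture it parses is constructed inline (a SYN/ACK reusing the header values of the first packet shown, plus one ARP frame), not DARPA data; the field names and the build_sample_pcap helper are my own assumptions.

```python
import struct

FLAG_CHARS = "12UAPRSF"  # Snort's flag order: CWR ECE URG ACK PSH RST SYN FIN

def parse_pcap(data):
    """Split a classic pcap blob into (timestamp, frame) pairs; byte order from the magic."""
    order = {0xA1B2C3D4: ">", 0xD4C3B2A1: "<"}[struct.unpack(">I", data[:4])[0]]
    off, frames = 24, []  # skip the 24-byte global header
    while off + 16 <= len(data):  # each record: 16-byte header, then incl_len bytes
        sec, usec, incl, _orig = struct.unpack(order + "IIII", data[off:off + 16])
        frames.append((sec + usec / 1e6, data[off + 16:off + 16 + incl]))
        off += 16 + incl
    return frames

def summarize(frame):
    """Decode Ethernet/IPv4/TCP headers into the fields that snort -v prints."""
    etype = struct.unpack("!H", frame[12:14])[0]
    if etype != 0x0800:
        return {"proto": "ARP" if etype == 0x0806 else "Other"}
    ip, ihl = frame[14:], (frame[14] & 0x0F) * 4
    tos, dgmlen, ident, ttl, proto = struct.unpack("!BHH2xBB", ip[1:10])
    info = {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "ttl": ttl, "tos": tos, "id": ident, "iplen": ihl, "dgmlen": dgmlen,
            "proto": {1: "ICMP", 6: "TCP", 17: "UDP"}.get(proto, "Other")}
    if proto == 6:
        sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", ip[ihl:ihl + 16])
        info.update(sport=sport, dport=dport, seq=seq, ack=ack, win=win,
                    tcplen=(off_flags >> 12) * 4,  # data offset in 32-bit words
                    flags="".join(c if off_flags & (0x80 >> i) else "*"
                                  for i, c in enumerate(FLAG_CHARS)))  # e.g. ***A**S*
    return info

def snort_v_line(info):
    """Format one decoded TCP packet like the snort -v output above."""
    return ("{src}:{sport} -> {dst}:{dport}\nTCP TTL:{ttl} TOS:0x{tos:X} ID:{id} IpLen:{iplen} "
            "DgmLen:{dgmlen}\n{flags} Seq: 0x{seq:X} Ack: 0x{ack:X} Win: 0x{win:X} "
            "TcpLen: {tcplen}").format(**info)

def build_sample_pcap():
    """Constructed capture (not DARPA data): a SYN/ACK plus one ARP frame; little-endian pcap, linktype 1."""
    tcp = struct.pack("!HHIIHHHH", 80, 1030, 0x328B83B0, 0x48DA2A1F, (5 << 12) | 0x12,
                      0x7FE0, 0, 0)  # data offset 5 words, SYN|ACK, checksum/urgent left 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1234, 0, 64, 6, 0,
                     bytes([207, 25, 71, 141]), bytes([172, 16, 112, 194]))
    frames = [b"\x00" * 12 + b"\x08\x00" + ip + tcp,                   # EtherType IPv4
              b"\xff" * 6 + b"\x00" * 6 + b"\x08\x06" + b"\x00" * 28]  # EtherType ARP
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 946684800 + i, 0, len(f), len(f)) + f
    return out
```

Calling `snort_v_line(summarize(frame))` on each frame returned by `parse_pcap(build_sample_pcap())` reproduces the three header lines snort -v shows for the SYN/ACK; the same reader works on a real inside.tcpdump file read with `open(path, "rb").read()`.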
[root@datatest SecondWeek]# snort -d 

  This option makes Snort output only the packet's payload data.

[root@datatest SecondWeek]# snort -d -r inside.tcpdump

  which gives:

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

WARNING: No preprocessors configured for policy .
/-::58.188692 206.48.44.18: -> 172.16.112.100:
TCP TTL: TOS:0x0 ID: IpLen: DgmLen: DF
***A**** Seq: 0x17AD29 Ack: 0x17AE81 Win: 0x2238 TcpLen:
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
WARNING: No preprocessors configured for policy .
/-::58.203130 172.16.112.100: -> 206.48.44.18:
TCP TTL: TOS:0x0 ID: IpLen: DgmLen: DF
***AP*** Seq: 0x17AE81 Ack: 0x17AD29 Win: 0x2238 TcpLen:
6D 4D 6F 6F hume Microso
ft FTP Service (
6F 6E 2E 2E 0D 0A Version 2.0)...
===============================================================================
Run time for packet processing was 0.232618 seconds
Snort processed packets.
Snort ran for days hours minutes seconds
Pkts/sec:
===============================================================================
Memory usage summary:
Total non-mmapped bytes (arena):
Bytes in mapped regions (hblkhd):
Total allocated space (uordblks):
Total free space (fordblks):
Topmost releasable block (keepcost):
===============================================================================
Packet I/O Totals:
Received:
Analyzed: (100.000%)
Dropped: ( 0.000%)
Filtered: ( 0.000%)
Outstanding: ( 0.000%)
Injected:
===============================================================================
Breakdown by protocol (includes rebuilt packets):
Eth: (100.000%)
VLAN: ( 0.000%)
IP4: ( 95.276%)
Frag: ( 0.000%)
ICMP: ( 0.000%)
UDP: ( 16.535%)
TCP: ( 78.740%)
IP6: ( 0.000%)
IP6 Ext: ( 0.000%)
IP6 Opts: ( 0.000%)
Frag6: ( 0.000%)
ICMP6: ( 0.000%)
UDP6: ( 0.000%)
TCP6: ( 0.000%)
Teredo: ( 0.000%)
ICMP-IP: ( 0.000%)
IP4/IP4: ( 0.000%)
IP4/IP6: ( 0.000%)
IP6/IP4: ( 0.000%)
IP6/IP6: ( 0.000%)
GRE: ( 0.000%)
GRE Eth: ( 0.000%)
GRE VLAN: ( 0.000%)
GRE IP4: ( 0.000%)
GRE IP6: ( 0.000%)
GRE IP6 Ext: ( 0.000%)
GRE PPTP: ( 0.000%)
GRE ARP: ( 0.000%)
GRE IPX: ( 0.000%)
GRE Loop: ( 0.000%)
MPLS: ( 0.000%)
ARP: ( 2.362%)
IPX: ( 0.000%)
Eth Loop: ( 1.969%)
Eth Disc: ( 0.000%)
IP4 Disc: ( 0.000%)
IP6 Disc: ( 0.000%)
TCP Disc: ( 0.000%)
UDP Disc: ( 0.000%)
ICMP Disc: ( 0.000%)
All Discard: ( 0.000%)
Other: ( 0.394%)
Bad Chk Sum: ( 0.000%)
Bad TTL: ( 0.000%)
S5 G : ( 0.000%)
S5 G : ( 0.000%)
Total:
===============================================================================
Snort exiting
[root@datatest SecondWeek]#
[root@datatest SecondWeek]# snort -dv 

  This combination makes Snort print the IP, TCP, UDP and ICMP packet headers and, at the same time, the packet payload data.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

WARNING: No preprocessors configured for policy .
/-::42.867811 195.73.151.50: -> 172.16.114.168:
TCP TTL: TOS:0x0 ID: IpLen: DgmLen: DF
***AP*** Seq: 0xE888C943 Ack: 0x9A021B4D Win: 0x7D78 TcpLen:
4D 4C 6F 6D 3A 3C MAIL From:<avrap
6C 6D 2E 6F 6E 2E @lambda.orange.c
6F 6D 3E 0D 0A om>..
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
WARNING: No preprocessors configured for policy .
/-::42.868044 172.16.114.168: -> 195.73.151.50:
TCP TTL: TOS:0x0 ID: IpLen: DgmLen: DF
***AP*** Seq: 0x9A021B4D Ack: 0xE888C968 Win: 0x7FE0 TcpLen:
3C 6C 6D <avrap@lambd
2E 6F 6E 2E 6F 6D 3E 2E 2E 2E a.orange.com>...
6E 4F 6B 0D 0A Sender Ok.. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ *** Caught Int-Signal
WARNING: No preprocessors configured for policy .
/-::42.875769 195.73.151.50: -> 172.16.114.168:
TCP TTL: TOS:0x0 ID: IpLen: DgmLen: DF
***A**** Seq: 0xE888CD92 Ack: 0x9A021BCE Win: 0x7D78 TcpLen:
6F 6E 2C 3A 0D 0A of gain, we:..
6F 6C 6C 6F could also
6F 4E uses The of Net
6F 6B 6E 6C 6E work neural netw
6F 6B 0D 0A orks a..
6F 6E Cascade routines
6C 6C year available
6E via price and Th
0D 0A e bug.. i
6C 6E 6F s a lecture note
2E 0D 0A 0D 0A s. .... W
6E 6F 6F 6E 6F hen he to do not
6E 6F 6E have anyone wit
6F 6D 6F 6F 2C h tomorrow, but
0D 0A 6C the.. eli
2C 6B te, But I I kept
6D 6E The remainder a
6F 6E re to train trac
6B 0D 0A ks by.. t
6C 3B 6F 6E itle; on high te
6D 6C 6D mperature limit
6E 6F The depends of T
0D 0A 6E he.. next
2E 6C 2E 4A 2E . Telex. Jr.
4C 6F 6E 6F 6E 6C 6E London plays And
6C 3A 6C 0D re Tel: a while.
0A 6C 6C . still i
6E 2C 6F 6F 6F 6D n a, good automa
6C 6C 6F tically which do
6D 6C 6E 0D 0A their mailing..
6C File If
6F 6E 6F 6E 6B The ones don't k
6E 6F 6E 6F 6F now Introductory
6F 6F 0D 0A course of..
6F 6F proofs I had
2E a prefix the.
6C I believe the va
6C 6F 6D 0D 0A lue From..
6F 6F 6F host host port
6F 6C 6F 6C to global each
6B 6F 6E Speaker recognit
6F 6E 0D 0A ion.. spe
===============================================================================
Run time for packet processing was 0.521737 seconds
Snort processed packets.
Snort ran for days hours minutes seconds
Pkts/sec:
===============================================================================
Memory usage summary:
Total non-mmapped bytes (arena):
Bytes in mapped regions (hblkhd):
Total allocated space (uordblks):
Total free space (fordblks):
Topmost releasable block (keepcost):
===============================================================================
Packet I/O Totals:
Received:
Analyzed: (100.000%)
Dropped: ( 0.000%)
Filtered: ( 0.000%)
Outstanding: ( 0.000%)
Injected:
===============================================================================
Breakdown by protocol (includes rebuilt packets):
Eth: (100.000%)
VLAN: ( 0.000%)
IP4: ( 94.169%)
Frag: ( 0.000%)
ICMP: ( 0.000%)
UDP: ( 21.283%)
TCP: ( 72.886%)
IP6: ( 0.000%)
IP6 Ext: ( 0.000%)
IP4/IP6: ( 0.000%)
IP6/IP4: ( 0.000%)
IP6/IP6: ( 0.000%)
GRE: ( 0.000%)
GRE Eth: ( 0.000%)
GRE VLAN: ( 0.000%)
GRE IP4: ( 0.000%)
GRE IP6: ( 0.000%)
GRE IP6 Ext: ( 0.000%)
GRE PPTP: ( 0.000%)
GRE ARP: ( 0.000%)
GRE IPX: ( 0.000%)
GRE Loop: ( 0.000%)
MPLS: ( 0.000%)
ARP: ( 2.332%)
IPX: ( 0.000%)
Eth Loop: ( 2.915%)
Eth Disc: ( 0.000%)
IP4 Disc: ( 0.000%)
IP6 Disc: ( 0.000%)
TCP Disc: ( 0.000%)
UDP Disc: ( 0.000%)
ICMP Disc: ( 0.000%)
All Discard: ( 0.000%)
Other: ( 0.583%)
Bad Chk Sum: ( 0.000%)
Bad TTL: ( 0.000%)
S5 G : ( 0.000%)
S5 G : ( 0.000%)
Total:
===============================================================================
Snort exiting
[root@datatest SecondWeek]#

  For more, see:

Snort command-line parameters explained
