Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
IDS and IPS with Snort 3

You're reading from   IDS and IPS with Snort 3 Get up and running with Snort 3 and discover effective solutions to your security issues

Arrow left icon
Product type Paperback
Published in Sep 2024
Publisher Packt
ISBN-13 9781800566163
Length 256 pages
Edition 1st Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Ashley Thomas Ashley Thomas
Author Profile Icon Ashley Thomas
Ashley Thomas
Arrow right icon
View More author details
Toc

Table of Contents (23) Chapters Close

Preface 1. Part 1: The Background
2. Chapter 1: Introduction to Intrusion Detection and Prevention FREE CHAPTER 3. Chapter 2: The History and Evolution of Snort 4. Part 2: Snort 3 – The New Horizon
5. Chapter 3: Snort 3 – System Architecture and Functionality 6. Chapter 4: Installing Snort 3 7. Chapter 5: Configuring Snort 3 8. Part 3: Snort 3 Packet Analysis
9. Chapter 6: Data Acquisition 10. Chapter 7: Packet Decoding 11. Chapter 8: Inspectors 12. Chapter 9: Stream Inspectors 13. Chapter 10: HTTP Inspector 14. Chapter 11: DCE/RPC Inspectors 15. Chapter 12: IP Reputation 16. Part 4: Rules and Alerting
17. Chapter 13: Rules 18. Chapter 14: Alert Subsystem 19. Chapter 15: OpenAppID 20. Chapter 16: Miscellaneous Topics on Snort 3 21. Index 22. Other Books You May Enjoy

The role of inspectors

Ideally, the Snort system should analyze the network traffic as an end host or server would do in order to detect malicious or otherwise interesting activity.

For an end host, traffic data is first processed by the TCP/IP layers (layers 2–4) before reaching specific applications. There is a large number and a wide variety of applications, such as the following:

  • Web clients (browsers) such as Mozilla Firefox and web servers such as Apache, which use the HTTP/HTTPS protocol.
  • Mail clients such as Outlook and mail servers such as Nginx, which use protocols such as SMTP, IMAP, POP, and so on.

Similarly, in the case of Snort 3, the decoders perform the TCP/IP layer analysis (layer 2 to layer 4 analysis), and then the inspectors do the application-specific analysis. These modules implement the analysis logic to mimic the essential analysis done by the various application client and server programs.

Architecturally, inspectors are implemented...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image