Using ACID
189
By clicking different links on the web page shown in Figure 6-4, you can view a
great deal of information:
- List of sensors that are logging data to the database.
- Number of unique alerts and their details.
- Total number of alerts and their details.
- Source IP addresses for the captured data. This shows who is trying to hack into
your network. By following the subsequent links, you can also find the owner
of a source IP address by looking it up in whois databases.
- Destination IP addresses for the captured data.
- Source and destination ports.
- Alerts related to a particular protocol, such as TCP alerts, UDP alerts and ICMP
alerts.
- Search alert and log data for particular entries.
- Most frequent alerts.
- Plot alert data, which is still experimental.
In the following screenshots, you will learn a few important things, but this is just
an overview of what ACID can do for you. The more time you spend using ACID, the
more you will learn about different ways of analyzing Snort data. As you learn new
things, you will appreciate how much more sense Snort data makes when it is arranged
in different ways than when you just look at raw log files.
6.3.2 Listing Protocol Data
From the main page, you can click on a protocol to get information about packets
logged for that particular protocol. Figure 6-5 shows a screenshot for the ICMP protocol.
The bottom part of the screen shows the last fifteen individual packets that have been
logged to the database. You can click on any one of these lines at the bottom to find
out more details about a particular packet.
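The protocol counts on the main page and the "last fifteen ICMP packets" listing are both just queries over the tables Snort's database output plugin fills. The example below is added here and is not ACID's own code; it assumes a simplified subset of the Snort schema (the signature, event, iphdr and icmphdr tables with a few of their columns) and constructs sample events in an in-memory SQLite database so that the two queries can be run offline.

```python
import sqlite3
from datetime import datetime, timedelta

# Simplified subset of the Snort database schema that ACID queries; an assumption
# made for this example (the real schema has more tables and columns).
SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT, sig_priority INTEGER);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT);
CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER, ip_proto INTEGER);
CREATE TABLE icmphdr (sid INTEGER, cid INTEGER, icmp_type INTEGER, icmp_code INTEGER);
"""
IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

def ip_to_int(dotted):
    # Snort stores IP addresses as unsigned 32-bit integers, not dotted strings.
    return int.from_bytes(bytes(int(x) for x in dotted.split(".")), "big")

def int_to_ip(n):
    return ".".join(str(b) for b in n.to_bytes(4, "big"))

def build_sample_db():
    # Constructed sample data: sensor 1, two signatures, 20 events (15 ICMP, 5 TCP).
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO signature VALUES (?, ?, ?)",
                   [(1, "ICMP PING NMAP", 2), (2, "SCAN nmap TCP", 2)])
    t0 = datetime(2003, 1, 1, 12, 0, 0)
    for cid in range(1, 21):
        proto = 1 if cid % 4 else 6  # every fourth event is a TCP alert
        ts = (t0 + timedelta(seconds=cid)).isoformat(" ")
        db.execute("INSERT INTO event VALUES (1, ?, ?, ?)", (cid, 1 if proto == 1 else 2, ts))
        db.execute("INSERT INTO iphdr VALUES (1, ?, ?, ?, ?)",
                   (cid, ip_to_int(f"10.0.0.{cid}"), ip_to_int("192.168.1.5"), proto))
        if proto == 1:
            db.execute("INSERT INTO icmphdr VALUES (1, ?, 8, 0)", (cid,))  # echo request
    db.commit()
    return db

def alerts_by_protocol(db):
    # The counts behind the TCP/UDP/ICMP links on ACID's main page.
    rows = db.execute("SELECT ip_proto, COUNT(*) FROM iphdr GROUP BY ip_proto")
    return {IP_PROTO.get(p, str(p)): n for p, n in rows}

def last_icmp_packets(db, limit=15):
    # The per-protocol listing: newest ICMP events joined to their signature name.
    rows = db.execute("""
        SELECT e.timestamp, s.sig_name, i.ip_src, i.ip_dst, c.icmp_type, c.icmp_code
        FROM event e JOIN signature s ON s.sig_id = e.signature
        JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid JOIN icmphdr c ON c.sid = e.sid AND c.cid = e.cid
        WHERE i.ip_proto = 1 ORDER BY e.timestamp DESC LIMIT ?""", (limit,))
    return [(ts, name, int_to_ip(src), int_to_ip(dst), t, c) for ts, name, src, dst, t, c in rows]
```

Every row that ACID shows is keyed by the (sid, cid) pair, which is why the joins above match on both columns; a sensor id alone is not unique across sensors.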