Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

suricata(8) [debian man page]

SURICATA(8)						      System Manager's Manual						       SURICATA(8)

NAME

       suricata - Next Generation Intrusion Detection and Prevention Tool

SYNOPSIS

       suricata [options]

DESCRIPTION

       suricata is a network Intrusion Detection System (IDS). It is based on rules (and is fully compatible with snort rules) to detect a variety
       of attacks / probes by searching packet content.

       This new Engine supports Multi-Threading, Automatic Protocol Detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP and  SMB),  Gzip  Decompression,
       Fast IP Matching and coming soon hardware acceleration on CUDA and OpenCL GPU cards.

       It supports acquiring packets through NFQUEUE, PCAP (live or offline) etc.

OPTIONS

       -c config_file
	      Use configuration file config_file

       -i interface
	      Sniff packets on interface.

       -r file
	      Read  the tcpdump-formatted file tcpdump-file.  This will cause Suricata to read and process the file fed to it.	This is useful for
	      offline analysis.

       -q queue_id
	      Sniff packets sent by the kernel through NFQUEUE. This allows running Suricata in inline mode (IPS) for packets captured by iptables
	      using the NFQUEUE target.

       -s signatures
	      Path to the signatures file.

       -l log_dir
	      Path to the default log directory.

       -D     Run as daemon

       --init-errors-fatal
	      Enable fatal failure on signature init error.

SEE ALSO

       tcpdump(1), pcap(3).

AUTHOR

       suricata was written by the Open Information Security Foundation.

       This manual page was written by Pierre Chifflier <pollux@debian.org>, for the Debian project (and may be used by others).

								   February 2010						       SURICATA(8)

Check Out this Related Man Page

IPRESEND(1)						      General Commands Manual						       IPRESEND(1)

NAME

       ipresend - resend IP packets out to network

SYNOPSIS

       ipresend [ -EHPRSTX ] [ -d <device> ] [ -g <gateway> ] [ -m <MTU> ] [ -r <filename> ]

DESCRIPTION

       ipresend was designed to allow packets to be resent, once captured, back out onto the network for use in testing.  ipresend supports a num-
       ber of different file formats as input, including saved snoop/tcpdump binary data.

OPTIONS

       -d <interface>
	      Set the interface name to be the name supplied.  This is useful with the -P, -S, -T and -E options, where it is not otherwise possi-
	      ble to associate a packet with an interface.  Normal "text packets" can override this setting.

       -g <gateway>
	      Specify  the  hostname of the gateway through which to route packets.  This is required whenever the destination host isn't directly
	      attached to the same network as the host from which you're sending.

       -m <MTU>
	      Specify the MTU to be used when sending out packets.  This option allows you to set a fake MTU, allowing the simulation  of  network
	      interfaces with small MTU's without setting them so.

       -r <filename>
	      Specify the filename from which to take input.  Default is stdin.

       -E     The  input file is to be text output from etherfind.  The text formats which are currently supported are those which result from the
	      following etherfind option combinations:

		 etherfind -n
		 etherfind -n -t

       -H     The input file is to be hex digits, representing the binary makeup of the packet.  No length correction is  made,  if  an  incorrect
	      length is put in the IP header.

       -P     The  input  file specified by -i is a binary file produced using libpcap (i.e., tcpdump version 3).  Packets are read from this file
	      as being input (for rule purposes).

       -R     When sending packets out, send them out "raw" (the way they came in).  The only real significance here is that it  will  expect  the
	      link layer (i.e.	ethernet) headers to be prepended to the IP packet being output.

       -S     The  input  file	is  to be in "snoop" format (see RFC 1761).  Packets are read from this file and used as input from any interface.
	      This is perhaps the most useful input type, currently.

       -T     The input file is to be text output from tcpdump.  The text formats which are currently supported are those which  result  from  the
	      following tcpdump option combinations:

		 tcpdump -n
		 tcpdump -nq
		 tcpdump -nqt
		 tcpdump -nqtt
		 tcpdump -nqte

       -X     The input file is composed of text descriptions of IP packets.

SEE ALSO

       ipftest(1), ipsend(1), iptest(1), bpf(4), ipsend(5), tcpdump(8)

DIAGNOSTICS

       Needs to be run as root.

BUGS

       Not all of the input formats are sufficiently capable of introducing a wide enough variety of packets for them to be all useful in testing.
       If you find any, please send email to me at darrenr@pobox.com

																       IPRESEND(1)
Man Page