Snort
2005-02-28
Author Kendo www.skynet.org.cn
Contents (recovered entries; only the function names and page numbers survived extraction)

3 SnortServiceMain ........ 22
1 WinSock
4.1 Packet
4.2 PV
1 LibPcap()
2 OpenPcap()
3 CreateDefaultRules ........ 69
4 ParseRuleFile ........ 71
5 ParseRule ........ 76
5.2 ProcessIP ........ 87
5.3 ParsePort ........ 91
5.4 mSplit
6 ProcessHeadNode ........ 102
7 ParseRuleOptions ........ 117
7.2 ParseMessage ........ 132
2 fpCreateFastPacketDetection ........ 139
3 prmAddRuleXX ........ 143
4 prmxAddPortRuleXX ........ 145
5 prmCompileGroups / BuildMultiPatternGroups ........ 147
1 InterfaceThread ........ 153
2 ProcessPacket ........ 153
5 Preprocess ........ 161
1 DecodeEthPkt ........ 166
2 DecodeIP ........ 167
3 DecodeTCP ........ 172
2.2 frag2
2.3 GetFragTracker ........ 184
2.4 NewFragTracker / InsertFrag ........ 187
2.5 FragIsComplete ........ 191
2.5 RebuildFrag ........ 194
1 Stream4TCP
2 frag2
3 BO
4 ARP
1 Detect ........ 199
2 fpEvalPacket ........ 200
3 fpEvalHeaderTcp ........ 202
2 prmFindRuleGroupTcp ........ 203
3 InitMatchInfo ........ 206
4 fpEvalHeaderSW ........ 208
2 mpseSearch ........ 212
3 fpEvalOTN / fpEvalRTN ........ 213
1 fpAddMatch ........ 215
2 fpFinalSelectEvent ........ 217
3 SnortEventqAdd ........ 218
4 sfeventq_add ........ 221
2 CheckBidirectional ........ 224
2 MYSQL
1 WinPcap
loopback
2 Wind2000
3 Snort
Snort (introduction; only these fragments survived extraction)
Sniffer, Copy, Linux, Win32, Snort for Windows, Snort for Linux
Environment: Windows 2000 Professional SP4 + VC 6.0 + Snort 2.2
- C
- LibPcap
- TCP/IP
- Socket
- Snort
Boyer-Moore

1
1.1
Snort rules