Running a packet capture on a SourceFire Sensor

Below shows you the required steps for running a packet capture on a SourceFire Sensor. Which Interfaces are Sniffing ? First of all we get a list of interfaces that is are sniffing for malicious traffic. Note : the fps normally relate to eth. Though you still use the fps reference within the tcpdump. ps … Read more

Snort/SourceFire – Writing Signatures

Below is a custom signature that would create an alert on traffic running from any source to any destination with a destination port of 22, on flags push and ack, every 600 seconds. alert tcp any any -> any 22 (msg:”SSH TRAFFIC”; flags:PA; classtype:not-suspicious; threshold: type limit, track by_dst, count 1 , seconds 600 ; … Read more

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial