Snort kullanımında proses sonlandırıldıktan sonra ekrana ne kadar trafik yakaladığı, ne kadar trafiği düşürdüğü, trafiğin ne kadarı hangi protokolden oluşuyor gibi bilgileri ekrana basacaktır.

===============================================================================
Packet Wire Totals:
Received: 4944815
Analyzed: 4914581 (99.389%)
Dropped: 30180 (0.610%)
Outstanding: 54 (0.001%)
===============================================================================
Breakdown by protocol (includes rebuilt packets):
ETH: 4920496 (100.000%)
ETHdisc: 0 (0.000%)
VLAN: 0 (0.000%)
IPV6: 14 (0.000%)
IP6 EXT: 0 (0.000%)
IP6opts: 0 (0.000%)
IP6disc: 0 (0.000%)
IP4: 4919708 (99.984%)
IP4disc: 0 (0.000%)
TCP 6: 0 (0.000%)
UDP 6: 0 (0.000%)
ICMP6: 0 (0.000%)
ICMP-IP: 0 (0.000%)
TCP: 4764304 (96.826%)
UDP: 155176 (3.154%)
ICMP: 228 (0.005%)
TCPdisc: 0 (0.000%)
UDPdisc: 0 (0.000%)
ICMPdis: 0 (0.000%)
FRAG: 0 (0.000%)
FRAG 6: 0 (0.000%)
ARP: 178 (0.004%)
EAPOL: 0 (0.000%)
ETHLOOP: 0 (0.000%)
IPX: 0 (0.000%)
OTHER: 596 (0.012%)
DISCARD: 0 (0.000%)
InvChkSum: 9 (0.000%)
S5 G 1: 0 (0.000%)
S5 G 2: 5915 (0.120%)
Total: 4920496
=======================================

Kullanılan sistem FreeBSD ise netstat -B komutuyla da ne kadarlık paket kaybı olduğu gözlemlenebilir.

[root@S-Guard11 ~]# netstat -B
Pid Netif Flags Recv Drop Match Sblen Hblen Command
20000 em0 p–s— 8611 8505 8611 32762 32730 snort
41911 em0 p–s— 81404 0 81404 10692 0 ourmon

The post Saldırı Tespit Sisteminiz(Snort) Paket Kaçırıyor mu? first appeared on Complexity is the enemy of Security.