Since raw network packets or NetFlow records contain too much information to analyze by hand, using a packaged IDS such as Snort as a first-stage scan can be a real time saver. On CentOS you can build it either from the tarball or from the source RPM; either way the build dependencies have to be resolved first.
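As an added example (not taken from the linked posts), a POSIX shell script that walks both build paths on CentOS: it lists the development packages Snort 2.9 and DAQ need, reports which ones are missing, and then builds either from the tarballs or through rpmbuild using the spec files shipped inside the Snort and DAQ source tarballs. The tarball names and versions are placeholders, and the script assumes it is run as root on the CentOS host.

```shell
#!/bin/sh
# Added example: build Snort 2.9 on CentOS, resolving build dependencies first.
# The version numbers below are placeholders; substitute the tarballs you
# actually downloaded from snort.org (verify their checksums before building).
set -e

DAQ_TARBALL="${DAQ_TARBALL:-daq-X.Y.Z.tar.gz}"         # placeholder name
SNORT_TARBALL="${SNORT_TARBALL:-snort-2.9.X.Y.tar.gz}"  # placeholder name

# Build dependencies for DAQ and Snort (libdnet-devel comes from EPEL).
SNORT_DEPS="gcc make flex bison libpcap-devel pcre-devel libdnet-devel zlib-devel openssl-devel"

# Print one missing dependency per line. $1 is the package query command,
# defaulting to "rpm -q"; passing a different command makes the check
# exercisable on a host without rpm.
missing_deps() {
    query="${1:-rpm -q}"
    for pkg in $SNORT_DEPS; do
        $query "$pkg" >/dev/null 2>&1 || printf '%s\n' "$pkg"
    done
}

# Install whatever missing_deps reports (enable EPEL first, for libdnet).
install_deps() {
    yum install -y epel-release
    missing="$(missing_deps)"
    [ -n "$missing" ] && yum install -y $missing
    return 0
}

# Path 1: configure / make / make install from the tarballs. DAQ must be
# built before Snort, because Snort's configure script looks for daq-config.
build_from_tarball() {
    for tb in "$DAQ_TARBALL" "$SNORT_TARBALL"; do
        dir="${tb%.tar.gz}"
        tar xzf "$tb"
        (cd "$dir" && ./configure && make && make install)
    done
    ldconfig        # make the freshly installed libdaq visible to the linker
    snort -V        # sanity check: prints the Snort version banner
}

# Path 2: let rpmbuild use the spec file inside each tarball, so the result is
# a package that yum/rpm can track, verify and remove cleanly.
build_rpms() {
    yum install -y rpm-build
    rpmbuild -tb "$DAQ_TARBALL"
    yum install -y ~/rpmbuild/RPMS/x86_64/daq-*.rpm
    rpmbuild -tb "$SNORT_TARBALL"
    yum install -y ~/rpmbuild/RPMS/x86_64/snort-*.rpm
}

case "${1:-}" in
    check)   missing_deps ;;
    tarball) install_deps && build_from_tarball ;;
    rpm)     install_deps && build_rpms ;;
    "")      ;;    # no argument: only define the functions (e.g. when sourced)
    *)       echo "usage: $0 {check|tarball|rpm}" >&2; exit 2 ;;
esac
```

Run `sh build-snort.sh check` first to see which packages are still missing, then `sh build-snort.sh rpm` (preferred on a host you maintain long-term, since rpm can later verify and remove the files) or `sh build-snort.sh tarball`.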
REF:
https://www.packet6.com/installing-snort-on-centos/
http://rivald.blogspot.tw/2013/08/building-snort-rpms-on-centos-6x-x8664.html
http://www.lijyyh.com/2012/04/snort.html