Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

suricata(8) [debian man page]

SURICATA(8)						      System Manager's Manual						       SURICATA(8)

suricata - Next Generation Intrusion Detection and Prevention Tool SYNOPSIS
suricata [options] DESCRIPTION
suricata is a network Intrusion Detection System (IDS). It is based on rules (and is fully compatible with snort rules) to detect a variety of attacks / probes by searching packet content. This new Engine supports Multi-Threading, Automatic Protocol Detection (IP, TCP, UDP, ICMP, HTTP, TLS, FTP and SMB), Gzip Decompression, Fast IP Matching and coming soon hardware acceleration on CUDA and OpenCL GPU cards. It supports acquiring packets through NFQUEUE, PCAP (live or offline) etc. OPTIONS
-c config_file Use configuration file config_file -i interface Sniff packets on interface. -r file Read the tcpdump-formatted file tcpdump-file. This will cause Suricata to read and process the file fed to it. This is useful for offline analysis. -q queue_id Sniff packets sent by the kernel through NFQUEUE. This allows running Suricata in inline mode (IPS) for packets captured by iptables using the NFQUEUE target. -s signatures Path to the signatures file. -l log_dir Path to the default log directory. -D Run as daemon --init-errors-fatal Enable fatal failure on signature init error. SEE ALSO
tcpdump(1), pcap(3). AUTHOR
suricata was written by the Open Information Security Foundation. This manual page was written by Pierre Chifflier <>, for the Debian project (and may be used by others). February 2010 SURICATA(8)

Check Out this Related Man Page

IPRESEND(1)						      General Commands Manual						       IPRESEND(1)

ipresend - resend IP packets out to network SYNOPSIS
ipresend [ -EHPRSTX ] [ -d <device> ] [ -g <gateway> ] [ -m <MTU> ] [ -r <filename> ] DESCRIPTION
ipresend was designed to allow packets to be resent, once captured, back out onto the network for use in testing. ipresend supports a num- ber of different file formats as input, including saved snoop/tcpdump binary data. OPTIONS
-d <interface> Set the interface name to be the name supplied. This is useful with the -P, -S, -T and -E options, where it is not otherwise possi- ble to associate a packet with an interface. Normal "text packets" can override this setting. -g <gateway> Specify the hostname of the gateway through which to route packets. This is required whenever the destination host isn't directly attached to the same network as the host from which you're sending. -m <MTU> Specify the MTU to be used when sending out packets. This option allows you to set a fake MTU, allowing the simulation of network interfaces with small MTU's without setting them so. -r <filename> Specify the filename from which to take input. Default is stdin. -E The input file is to be text output from etherfind. The text formats which are currently supported are those which result from the following etherfind option combinations: etherfind -n etherfind -n -t -H The input file is to be hex digits, representing the binary makeup of the packet. No length correction is made, if an incorrect length is put in the IP header. -P The input file specified by -i is a binary file produced using libpcap (i.e., tcpdump version 3). Packets are read from this file as being input (for rule purposes). -R When sending packets out, send them out "raw" (the way they came in). The only real significance here is that it will expect the link layer (i.e. ethernet) headers to be prepended to the IP packet being output. -S The input file is to be in "snoop" format (see RFC 1761). Packets are read from this file and used as input from any interface. This is perhaps the most useful input type, currently. -T The input file is to be text output from tcpdump. The text formats which are currently supported are those which result from the following tcpdump option combinations: tcpdump -n tcpdump -nq tcpdump -nqt tcpdump -nqtt tcpdump -nqte -X The input file is composed of text descriptions of IP packets. SEE ALSO
ipftest(1), ipsend(1), iptest(1), bpf(4), ipsend(5), tcpdump(8) DIAGNOSTICS
Needs to be run as root. BUGS
Not all of the input formats are sufficiently capable of introducing a wide enough variety of packets for them to be all useful in testing. If you find any, please send email to me at IPRESEND(1)
Man Page