Name:

  1. (2 pts) Demonstrate snort in action as a sniffer on your system. Get ISO.
  2. Show the syntax of the command to get snort to log all sniffed traffic to the directory /tmp/snort.
  3. What is snort's main configuration file?
  4. What flag is used to process a specific number of packets, and then immediately exit?
  5. What flag will automatically replace IP addresses with xxx.xxx.xxx.xxx in snort's output?
  6. What flag will tell snort to send alerts to /var/log/secure?
  7. (5 pts) Write a rule to log a simple alert whenever someone SSHes into your firewall from anywhere.
  8. (5 pts) Write a rule which will log ALL network traffic and display the message 'net traffic' on each alert.
  9. Which of the rule files contains rules to detect bootp hardware address length overflows?
  10. (6 pts) Write a rule to detect traceroutes. Traceroute packets always have a TTL set to 1.