[Snort-users] Any Good Books out there?

Marcin Dulak marcin.dulak at ...11827...
Thu Dec 1 17:49:44 EST 2016


Hi,

in my opinion the snort manual (we are talking about manual.snort.org)
focuses on the technical details and does not provide a context of why snort
does what it does. I can recommend two books that provide some context:
- https://www.amazon.com/Applied-Network-Security-Monitoring-Collection/dp/0124172083
  - short, less technical, a good place to start
- https://www.amazon.com/Snort-Toolkit-Beales-Source-Security/dp/1597490997
  - long, very old, but provides a lot of context and funny statements like
  "The actual code that parses the various options within Snort is scattered
  throughout the code base" on page 177 of the 2007 edition, or a mention of
  snort 3.0 on page 179!

It's pretty outrageous that such a fundamental field as network monitoring
is still considered an art and there are no readily available materials.

Marcin

On Thu, Dec 1, 2016 at 7:23 PM, Justin Pederson <jpedersm at ...11827...> wrote:

> I'm just getting into snort.  While there is a lot of information out
> there on snort, a lot of it is not straightforward.  If I am looking for a
> book to get up to speed on the system.  By chance does anyone know of any
> good books to read?