Information security practitioner ^_^
A chubby beginner who has not yet got started in intelligence studies (email: tenghm1986@163.com)
[suricata]--Threading
2019-10-08 14:35:14
heming
# 0. References

[1] [suricata-user-guide-8-Configuration](https://suricata.readthedocs.io/en/suricata-5.0.0-beta1/configuration/suricata-yaml.html)

# Threading

- Suricata is multi-threaded: it uses multiple CPUs/CPU cores so it can process a lot of network packets simultaneously.
- In a single-core engine, the packets are processed one at a time.

There are four thread modules:

- Packet acquisition
    - reads packets from the network
- Decode and stream application layer
    - decodes the packets from the network
    - First, it performs **stream tracking** (meaning it makes sure all steps are taken to make a correct network connection).
    - Second, TCP network traffic comes in as packets. The **Stream-Assembly engine** reconstructs the original stream.
    - Finally, the application layer is **inspected** (HTTP and DCERPC will be analyzed).
- Detection
    - compares signatures. There can be several detection threads.
- Outputs
    - all alerts and events are processed

<center>
![Threading](https://leanote.com/api/file/getImage?fileId=5d437695ab64410f60001107)
</center>

```
Packet acquisition: Reads packets from the network
Decode: Decodes packets.
Stream app. Layer: Performs stream-tracking and reassembly.
Detect: Compares signatures.
Outputs: Processes all events and alerts.
```
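
The four stages above, as a small added model (not Suricata's code and not from the original post): it shows why stream reassembly runs before the detection threads, since a pattern split across TCP segments only becomes visible in the reconstructed stream. The packets, signature IDs and all function names are constructed for illustration.

```python
import queue
import threading

# Constructed sample: (flow id, TCP sequence number, payload), delivered out of order.
# In flow 1 the pattern "cmd.exe" is split across two segments.
PACKETS = [
    (1, 5, b"cmd."), (2, 0, b"GET /index.html"), (1, 0, b"GET /"), (1, 9, b"exe HTTP/1.1"),
]
SIGNATURES = {1001: b"cmd.exe", 1002: b"/etc/passwd"}  # hypothetical sid -> content
STOP = object()  # sentinel that tells a detect thread to exit

def decode_and_reassemble(pkts):
    """Decode + stream stage: order segments per flow by sequence number and join them.
    Simplified: assumes no gaps, overlaps or retransmissions."""
    flows = {}
    for flow, seq, data in pkts:
        flows.setdefault(flow, []).append((seq, data))
    return {f: b"".join(d for _, d in sorted(segs)) for f, segs in flows.items()}

def detect(in_q, out_q):
    """Detect thread: compare each reassembled stream against every signature."""
    while (item := in_q.get()) is not STOP:
        flow, stream = item
        for sid, content in SIGNATURES.items():
            if content in stream:
                out_q.put((flow, sid))

def run_pipeline(pkts, detect_threads=2):
    """Acquisition -> decode/stream -> N detect threads -> output; returns sorted alerts."""
    detect_q, output_q = queue.Queue(), queue.Queue()
    workers = [threading.Thread(target=detect, args=(detect_q, output_q))
               for _ in range(detect_threads)]
    for w in workers:
        w.start()
    for item in decode_and_reassemble(pkts).items():
        detect_q.put(item)
    for _ in workers:
        detect_q.put(STOP)  # one sentinel per detect thread
    for w in workers:
        w.join()
    alerts = []
    while not output_q.empty():  # output stage: drain all alerts
        alerts.append(output_q.get())
    return sorted(alerts)

def per_packet_alerts(pkts):
    """What detection would see without the stream stage: each payload on its own."""
    return sorted((f, sid) for f, _, d in pkts for sid, c in SIGNATURES.items() if c in d)

if __name__ == "__main__":
    print("with reassembly:", run_pipeline(PACKETS))
    print("per packet:     ", per_packet_alerts(PACKETS))
```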