248 | | |
249 | | == (5) Generate Regular and Intrusion Traffic == |
| 248 | == (5) Run Attack Analyzer == |
| 249 | |
| 250 | The Attack Analyzer reads the Snort alerts saved on the Controller node and makes decisions about which IP addresses to block. The Attack analyzer is the “brain” on the attack control system. It reads the file ''/tmp/snortalert'', which is generated by RINA on controller node and outputs ''/tmp/attacker.txt'' file which has the IP addresses of all the nodes that the Attack Analyzer decides to block based on Snort alerts. |
| 251 | |
| 252 | Open a separate window for the Controller, and run the attack analyzer. [[BR]] |
| 253 | |
| 254 | ''' cd ~/Control/AttackAnalyzer/ ''' |
| 255 | |
| 256 | ''' python !AttackAnalyzer.py -f /tmp/snortalert ''' [[BR]] |
| 257 | |
| 258 | ''' Note: If you want to re-run this experiment, make sure to remove ''/tmp/attacker.txt'' and ''/tmp/snortalert'' files on the controller node. ''' |
| 259 | |
| 260 | |
| 261 | == (6) Generate Regular and Intrusion Traffic == |
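Review bot: The new step (5) paragraph has the Attack Analyzer read /tmp/snortalert and write /tmp/attacker.txt, both in world-writable /tmp, so any local user on a shared Controller node could pre-create or edit the files that drive the blocking decisions. Consider moving both files to a directory owned by the experiment user, or state which account is expected to own them. The re-run note says to remove both files but not why; it should say whether alerts and block entries left over from a previous run would otherwise be picked up again. Smaller points: "the “brain” on the attack control system" should read "of", "Attack analyzer" should be capitalised consistently with "Attack Analyzer", and because the old step (5) heading becomes (6), the numbering of any later steps needs checking.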