安裝 Snort
安裝 PF_RING
git clone https://github.com/ntop/PF_RING.git
cd PF_RING/kernel
make
sudo insmod ./pf_ring.ko
cd ../userland
make
cd [PF_RING PATH]/userland/lib
sudo ./configure
sudo make
sudo make install安裝 pfring-daq-module
cd [PF_RING PATH]/userland/snort/pfring-daq-module
autoreconf -ivf
sudo ./configure
sudo make
sudo make install於 IDS mode 執行 Snort
sudo snort --daq-dir=/usr/local/lib/daq --daq pfring --daq-mode passive -i eth0 -v -e