Snort: Network Intrusion Detection System (NIDS) - Installation and Configuration Guide, Cheat Sheet of Cybercrime, Cybersecurity and Data Privacy

A step-by-step guide on installing and configuring Snort, an open-source intrusion detection and prevention system. It covers the essential steps for setting up Snort on an Ubuntu operating system, including configuring network settings and validating the installation. The guide also demonstrates how to use Snort to detect network attacks by simulating a penetration test using Kali Linux.

Typology: Cheat Sheet

2024/2025

Available from 02/02/2025

pallavi-pandey-3
Pallavi Pandey
SNORT - NETWORK INTRUSION DETECTION SYSTEM (NIDS)

INTRODUCTION TO SNORT
Snort is an open-source intrusion detection and prevention system.
It uses a series of rules that define malicious network activity, finds packets that match those rules, and generates alerts for users.
Snort has three primary uses:
1) As a packet sniffer, like tcpdump.
2) As a packet logger, which is useful for network traffic debugging.
3) As a full-blown network intrusion prevention system.

FEATURES OF SNORT
1) Rules: Rules can be written to identify various kinds of scans, such as TCP scans, UDP scans, FIN scans, etc.
2) Attack Detection: Detects network scanning attacks, DoS attacks, malware attacks, etc.

INSTALLATION AND CONFIGURATION
Snort can be installed on Ubuntu OS. To install it, follow these steps.
Requirements:
1) Oracle VirtualBox
2) Ubuntu
3) Kali Linux
Step 1: Open VirtualBox → Ubuntu → Terminal.
Step 2: Type this command in the Ubuntu terminal:
“ifconfig”
This command shows the IP address of the Ubuntu machine. Note the IP address for later use.

Here, inet is my address (192.168.82.42).
Step 3: Clear the screen using the “clear” command, then type the command below:
“sudo su”
This opens a root shell, that is, it switches to the superuser (administrator).

Step 7: Here, I have installed Snort 2.9.20. Now open Files → Other Location → Ubuntu → etc → snort → snort.conf, and open the snort.conf file as administrator in a text editor to make changes to it.
File path: Files/Other Location/Ubuntu/etc/snort/snort.conf.
In the snort.conf file, find HOME_NET any and, in place of any, type your Ubuntu machine's configured IP address. As I have done: HOME_NET 192.168.82.0/

Step 9: Now open the Kali Linux terminal and find the IP address of the Kali Linux machine with the command “ifconfig”.

IP address is (inet) 192.168.82. Now we will try to penetrate: we will use Kali to attack the Ubuntu machine, where Snort will detect the activity and tell us that someone is trying to scan the machine or network using some external tool.
Step 10: To activate Snort on Ubuntu, type the command:
“sudo snort -A console -q -c /etc/snort/snort.conf -i enp0s3”

-A means display output on the screen.
-q means to avoid unnecessary messages on screen.

Step 12: On Ubuntu, Snort will successfully detect the intrusion and display the alert message “ATTEMPTED INFORMATION LEAK” along with the IP address of the attacker machine, i.e. Kali.
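Triage of the console alerts from Step 12, as an added example that is not part of the original guide: it parses alert lines in the single-line layout that Snort 2.9 prints with -A console and groups them by source address to show which host is probing many ports. The sample lines are constructed; only 192.168.82.42 comes from the guide, while the 192.0.2.x sources, SIDs and rule messages are assumptions.

```python
import re
from collections import defaultdict

# Layout of one alert line as printed by Snort 2.9 with "-A console".
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d(?:/\d\d)?-\d\d:\d\d:\d\d\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?"
    r"\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample output: 192.168.82.42 is the sensor address from the guide;
# the 192.0.2.x sources, SIDs and rule messages are invented for illustration.
SAMPLE = """\
01/15-10:02:11.104233  [**] [1:1000001:1] Constructed rule: TCP probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:51514 -> 192.168.82.42:161
01/15-10:02:11.220871  [**] [1:1000001:1] Constructed rule: TCP probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:51514 -> 192.168.82.42:705
01/15-10:02:11.305110  [**] [1:1000001:1] Constructed rule: TCP probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:51515 -> 192.168.82.42:22
01/15-10:05:40.000412  [**] [1:1000002:1] Constructed rule: ICMP echo [**] [Priority: 3] {ICMP} 192.0.2.77 -> 192.168.82.42
Commencing packet processing (pid=4242)
"""

def parse_alert(line):
    """Return the alert fields as a dict, or None for non-alert lines."""
    m = ALERT_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(lines):
    """Group alerts by source IP: count, classifications, destination ports."""
    out = defaultdict(lambda: {"alerts": 0, "classes": set(), "ports": set()})
    for line in lines:
        a = parse_alert(line)
        if a is None:
            continue  # banner text or a truncated line, not an alert
        s = out[a["src"]]
        s["alerts"] += 1
        s["classes"].add(a["cls"] or "unclassified")
        if a["dport"]:  # ICMP alerts carry no port
            s["ports"].add(int(a["dport"]))
    return dict(out)

def likely_scanners(summary, min_ports=3):
    """Sources that touched at least min_ports distinct destination ports."""
    return sorted(ip for ip, s in summary.items() if len(s["ports"]) >= min_ports)

if __name__ == "__main__":
    report = summarize(SAMPLE.splitlines())
    for ip in likely_scanners(report):
        print(ip, report[ip]["alerts"], sorted(report[ip]["ports"]))
```

The min_ports threshold is an arbitrary starting point for a lab; on a real network it needs tuning against normal traffic.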