Snort is an open source network-based intrusion detection system (NIDS) that can analyze real-time traffic and log packets on Internet Protocol (IP) networks. Snort can perform protocol analysis, content searching, and content matching. It can also be used to detect probes or attacks, including, but not limited to, operating system fingerprinting attempts, common gateway interface, buffer overflows, server message block probes, and stealth port scans.
There are three modes in which Snort can be configured:
1) Sniffer.
2) Packet logger.
3) Network intrusion detection.
In sniffer mode, the program reads the network packets and displays them on the console. In packet logger mode, the program logs packets to disk. In intrusion detection mode, the program monitors network traffic and analyzes it against a rule set defined by the user. The program then performs a specific action based on what has been identified.
In this article, we will learn how to configure Snort on BackTrack.
Snort is installed in BackTrack by default, so you only need to configure it according to your infrastructure.
First of all, start the Snort service to test whether there is any problem with the installation.
To do this, click on the Application menu, then on the BackTrack menu, then on Services, and then on the Snort service.
Now edit the configuration file named snort.conf, located in the /etc/snort directory, using vim or any other text editor, and change:
var HOME_NET any to var HOME_NET <target IP/network address>
var EXTERNAL_NET any to var EXTERNAL_NET <attacker IP address>
With EXTERNAL_NET narrowed to a single address, rules written against $EXTERNAL_NET only match traffic to or from that address, which suits this test.
Save the file and restart the Snort service by running /etc/init.d/snort restart in a terminal.
Now open a terminal and type the command below:
snort -q -A console -i eth0 -c /etc/snort/snort.conf
-q is for quiet: do not show the banner and status report
-A sets the alert mode; in this case, it is console
-i specifies the interface
-c tells Snort the location of the configuration file
Now, to test the functionality of Snort, perform a DoS attack using LOIC.
Now perform an Nmap scan.
Snort should display the logs again.
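To triage what the console prints during these two tests, the alerts can be grouped by source address. The script below is an added example, not part of the original article: it parses one-line alerts in the layout Snort prints with -A console and separates a source that hits one port repeatedly from one that touches many ports. The sample lines, addresses, sids, messages and thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict
# Assumed layout: time [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^\S+\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?(?:\[Priority:\s*(?P<prio>\d+)\]\s+)?"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>[0-9.]+)(?::(?P<sport>\d+))?"  # IPv4 only
    r"\s+->\s+(?P<dst>[0-9.]+)(?::(?P<dport>\d+))?\s*$"
)

def parse_alert(line):
    """Return a dict of alert fields, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(lines):
    """Per source IP: alert count, distinct destination ports, signatures seen."""
    stats = defaultdict(lambda: {"alerts": 0, "dports": set(), "sids": set()})
    for line in lines:
        a = parse_alert(line)
        if a is None:
            continue  # banner text, blank lines, truncated output
        s = stats[a["src"]]
        s["alerts"] += 1
        s["sids"].add(f'{a["gid"]}:{a["sid"]}')
        if a["dport"]:  # ICMP alerts carry no ports
            s["dports"].add(int(a["dport"]))
    return dict(stats)

def classify(entry, flood_min=3, scan_ports_min=3):
    """Rough triage; thresholds are illustrative and sized for the sample."""
    if len(entry["dports"]) >= scan_ports_min:
        return "scan-like"   # one source touching many destination ports
    if entry["alerts"] >= flood_min:
        return "flood-like"  # many alerts aimed at few ports
    return "low-volume"

# Constructed sample output; addresses, sids and messages are made up.
SAMPLE = """\
01/15-10:00:01.000001  [**] [1:1000001:1] LAB flood to web port [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 198.51.100.7:40001 -> 192.0.2.10:80
01/15-10:00:01.000412  [**] [1:1000001:1] LAB flood to web port [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 198.51.100.7:40002 -> 192.0.2.10:80
01/15-10:00:01.000903  [**] [1:1000001:1] LAB flood to web port [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 198.51.100.7:40003 -> 192.0.2.10:80
01/15-10:05:12.100000  [**] [1:1000002:1] LAB probe [**] [Priority: 3] {TCP} 198.51.100.9:51000 -> 192.0.2.10:22
01/15-10:05:12.100350  [**] [1:1000002:1] LAB probe [**] [Priority: 3] {TCP} 198.51.100.9:51000 -> 192.0.2.10:23
01/15-10:05:12.100720  [**] [1:1000002:1] LAB probe [**] [Priority: 3] {TCP} 198.51.100.9:51000 -> 192.0.2.10:443
01/15-10:06:00.000000  [**] [1:1000003:1] LAB ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.9 -> 192.0.2.10
""".splitlines()

if __name__ == "__main__":
    print({src: classify(e) for src, e in summarize(SAMPLE).items()})
```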