Snort is a network-based intrusion detection system (NIDS) written in the C programming language. It was developed in 1998 by Martin Roesch and is now developed by Cisco. It is free, open-source software. It can also be used as a packet sniffer to monitor traffic in real time: the network administrator can use it to watch all incoming packets and identify the ones that are dangerous to the system. It is built on libpcap, the packet capture library. Rules are fairly easy to create and implement, and Snort can be deployed on any kind of operating system and in any kind of network environment. The main reason for the popularity of this IDS over others is that it is free to use and open source, so any user can adapt it to work the way they want.
Features:
- Real-time traffic monitoring
- Packet logging
- Protocol analysis
- Content matching
- OS fingerprinting
- Can be installed in any network environment
- Creates logs
- Open source
- Rules are easy to implement
Installation Steps:
In Linux (Snort 2.9.x depends on the DAQ library, libpcap and libpcre; install them before running configure):
- Step-1: wget https://www.snort.org/downloads/snort/snort-2.9.15.tar.gz
- Step-2: tar xvzf snort-2.9.15.tar.gz
- Step-3: cd snort-2.9.15
- Step-4: ./configure --enable-sourcefire && make && sudo make install
In Windows:
- Step-1: Download the Snort installer from https://www.snort.org/downloads/snort/Snort_2_9_15_Installer.exe
- Step-2: Execute Snort_2_9_15_Installer.exe
Basic Usages:
- Sniffer Mode –
To print TCP/IP headers use the command ./snort -v
To print the IP address along with the header use the command ./snort -vd
- Packet Logging –
To store packets on disk you need to give the path where you want the logs to be written. The command for this is ./snort -dev -l ./SnortLogs
- Activate network intrusion detection mode –
To start this mode use the command ./snort -dev -l ./SnortLogs -h 192.127.1.0/24 -c snort.conf
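In intrusion detection mode Snort evaluates each packet against the rules loaded through snort.conf. The following added example (not code from the original article or from the Snort project) is a deliberately simplified Python matcher that parses the Snort rule header (action protocol src port -> dst port) plus the msg, content and sid options, and runs it over constructed packets on the page's 192.127.1.0/24 home network; the rules, sids and packets are made up, and Snort's real engine does far more (preprocessors, fast-pattern matching, many more options).

```python
import ipaddress
import re
# Educational Snort-style rule matcher: header fields plus msg/content/sid options.
OPT_RE = re.compile(r'(\w+)\s*:\s*"?([^";]*)"?\s*;')

def parse_rule(text):
    """Split one Snort rule into header fields and an options dict."""
    header, _, body = text.partition("(")
    action, proto, src, sport, _arrow, dst, dport = header.split()
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "opts": dict(OPT_RE.findall(body.rstrip(")")))}

def _addr_match(spec, addr):  # spec is 'any' or a host/CIDR such as 192.127.1.0/24
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def _port_match(spec, port):
    return spec == "any" or int(spec) == port

def rule_matches(rule, pkt):
    """True when protocol, addresses, ports and any content option all match."""
    if rule["proto"] != pkt["proto"]:
        return False
    if not (_addr_match(rule["src"], pkt["src"]) and _port_match(rule["sport"], pkt["sport"])):
        return False
    if not (_addr_match(rule["dst"], pkt["dst"]) and _port_match(rule["dport"], pkt["dport"])):
        return False
    content = rule["opts"].get("content")
    return content is None or content.encode() in pkt["payload"]

def run_rules(rules, packets):
    """Return (sid, msg) for each rule that fires on each packet, in packet order."""
    return [(int(r["opts"]["sid"]), r["opts"]["msg"])
            for pkt in packets for r in rules if rule_matches(r, pkt)]

# Constructed sample rules (hypothetical sids) for the page's home network.
RULES = [parse_rule(r) for r in (
    'alert tcp any any -> 192.127.1.0/24 80 (msg:"HTTP TRACE method"; content:"TRACE "; sid:1000001;)',
    'alert icmp any any -> 192.127.1.0/24 any (msg:"ICMP to home net"; sid:1000002;)',
)]
# Constructed sample packets, not real captures.
PACKETS = [
    {"proto": "tcp", "src": "203.0.113.5", "sport": 40001, "dst": "192.127.1.10", "dport": 80, "payload": b"TRACE / HTTP/1.1\r\n"},
    {"proto": "tcp", "src": "203.0.113.5", "sport": 40002, "dst": "192.127.1.10", "dport": 80, "payload": b"GET / HTTP/1.1\r\n"},
    {"proto": "icmp", "src": "198.51.100.7", "sport": 0, "dst": "192.127.1.20", "dport": 0, "payload": b""},
]

if __name__ == "__main__":
    for sid, msg in run_rules(RULES, PACKETS):
        print(f"[**] [1:{sid}:0] {msg} [**]")  # Snort-like alert line
```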