From the course: Protecting Your Network with Open Source Software
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Snort as a packet sniffer
From the course: Protecting Your Network with Open Source Software
Snort as a packet sniffer
- [Instructor] Although, Snort is an intrusion detection and prevention systems solution, it can also be used as a basic packet sniffer. let's start by first installing Snort. Type sudo, space, apt, get, install, space, snort. Press Enter. Type Y and press Enter. The address range for the local network is 10 dot, zero dot, zero dot, zero, forward slash 24. Forward slash 24, indicates that, 10 dot zero dot zero is the subnet ID for the network to monitor. Press Tab to select OK and press Enter. Now, we have our snort instance installed successfully. To start capturing packets type sudo, space, snort, space, dash i standing for interface. Which interface do we use to sniff the packets here? We'll be using it is zero, which is the first network interface of the Ubuntu router host. Space, E-T-H zero. Space dash L and then the location where the packets are going to be locked. Here, dash L stands for logging. We'll be…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Contents
-
-
-
-
-
-
-
-
(Locked)
What is an IDS?3m 21s
-
(Locked)
Introducing Snort3m
-
(Locked)
Snort as a packet sniffer4m 19s
-
(Locked)
Snort as an IDS: Establishing rules5m 1s
-
(Locked)
Snort as an IDS: Detecting pings2m 10s
-
(Locked)
What is a network vulnerability assessment?3m 22s
-
(Locked)
Nessus2m 37s
-
(Locked)
Network scanning with Nessus2m 30s
-
(Locked)
-
-