Configuring SNORT on Network using Kali Linux

What is SNORT?


Snort is the foremost Open Source Intrusion Prevention System (IPS) in the world. Snort IPS uses a series of rules that help define malicious network activity and uses those rules to find packets that match against them and generates alerts for users.


Snort can be deployed inline to stop these packets, as well. Snort has three primary uses: As a packet sniffer like tcpdump, as a packet logger — which is useful for network traffic debugging, or it can be used as a full-blown network intrusion prevention system. Snort can be downloaded and configured for personal and business use alike.

IN THIS BLOG WE WILL CONFIGURE SNORT ON LOCAL HOME NETWORK

Here I will show you how to configure a set of rules that raise an alert when someone on your local home network (Wi-Fi) uses YouTube or Facebook.

LET'S START:-

STEP 1:- Download and install SNORT in Kali Linux using the command "apt install snort"


STEP 2:- Move to the snort directory using the command "cd /etc/snort"

STEP 3:- The original configuration file is snort.conf; to keep a backup we will create a copy of this file and make our changes in the copy, using the command "cp snort.conf test_snort.conf"

STEP 4:- We have to put our network IP and range in the test_snort.conf file, so we edit it using the command "nano test_snort.conf"

After that, set your network IP and range as shown in the screenshot below.

After that, save and close the file.


STEP 5:- Now we have to make rules; for that we move to the rules directory using the command "cd rules"
 
STEP 6:- SNORT ships with many rules files; our own rules belong in local.rules, but for backup I am creating a secondary file. Create the secondary file using the command "cp local.rules custom.rules"
 
STEP 7:- SNORT will not pick up rules from our custom file directly; we have to include the custom file from local.rules. Edit that file using the command "nano local.rules" and add the include line as shown in the screenshot. After that, save and close the file.



STEP 8:- Now we define the rules that should raise alerts in the custom rules file. Edit it using the command "nano custom.rules" and write the rules as I have written them.



STEP 9:- Now the setup is done. To be sure, run the command below; it checks whether everything is well formatted and configured:
"snort -T -i eth0 -c /etc/snort/test_snort.conf"



STEP 10:- Now all rules and configuration are set and SNORT can be run.
 
STEP 11:- Type the command as follows: "snort -A console -q -i eth0 -c /etc/snort/test_snort.conf"
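Since the screenshots for steps 4, 7 and 8 are not reproduced here, the following shell script (an added example, not part of the original post or of the Snort project) carries out steps 3 to 8 end to end and finishes with a small offline sanity check of the rules file. Everything in it is an assumption you adjust to your own setup: the Snort directory /etc/snort, the home subnet 192.168.1.0/24, the "include $RULE_PATH/custom.rules" form of the include line, and the four example rules, which alert on DNS lookups and TLS ClientHellos for youtube.com and facebook.com coming from hosts in HOME_NET. It does not run snort itself; the "snort -T" command of step 9 remains the authoritative configuration check.

```shell
#!/bin/sh
# Added example (not from the original post): prepares the Snort 2.x layout the
# post describes (steps 3 to 8) without running snort itself.
# Assumptions, adjust to your own setup: snort lives in /etc/snort, the home
# Wi-Fi subnet is 192.168.1.0/24, custom rules go in rules/custom.rules.

# Steps 3 and 4: copy snort.conf to test_snort.conf and set HOME_NET there.
# The stock snort.conf carries the line "ipvar HOME_NET any"; the copy gets the
# real subnet while the original file stays untouched as the backup.
make_test_conf() {
    src="$1/snort.conf"; dst="$1/test_snort.conf"
    sed "s|^ipvar HOME_NET .*|ipvar HOME_NET $2|" "$src" > "$dst"
}

# Steps 6 and 8: write the custom rules file. Local rules use sid >= 1000000 so
# they never collide with sids shipped in the official rule sets.
write_custom_rules() {
    cat > "$1" <<'EOF'
# Example rules (assumed content; the post's own rules were only shown as a screenshot).
# DNS: labels are length-prefixed on the wire (the dot before "com" is the byte
# 0x03), so match the label "youtube", not the string "youtube.com".
alert udp $HOME_NET any -> any 53 (msg:"LOCAL DNS query for youtube"; content:"youtube"; nocase; sid:1000001; rev:1;)
alert udp $HOME_NET any -> any 53 (msg:"LOCAL DNS query for facebook"; content:"facebook"; nocase; sid:1000002; rev:1;)
# TLS: the server name in the ClientHello is sent in clear text, so the hostname
# appears literally even though the rest of the session is encrypted.
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"LOCAL TLS ClientHello to youtube.com"; flow:to_server,established; content:"youtube.com"; sid:1000003; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"LOCAL TLS ClientHello to facebook.com"; flow:to_server,established; content:"facebook.com"; sid:1000004; rev:1;)
EOF
}

# Step 7: make local.rules pull in custom.rules. The post adds an include line
# to local.rules; this example assumes the "$RULE_PATH/custom.rules" form.
# The line is appended only once, so re-running the script does not duplicate it.
include_custom_rules() {
    grep -q '^include \$RULE_PATH/custom.rules' "$1" 2>/dev/null \
        || printf 'include $RULE_PATH/custom.rules\n' >> "$1"
}

# Lightweight offline check: every alert rule carries a sid and no sid repeats.
# Duplicate sids are a common reason "snort -T" rejects a rules file; this does
# not replace that check, it only catches the mistake before you run it.
check_rules() {
    rules="$(grep -v '^#' "$1" | grep -c '^alert ')"
    sids="$(grep -o 'sid:[0-9]*' "$1" | sort -u | wc -l | tr -d ' ')"
    [ "$rules" -gt 0 ] && [ "$rules" -eq "$sids" ]
}

# Usage on Kali (as root): sh setup_snort.sh /etc/snort 192.168.1.0/24
if [ -n "$1" ]; then
    make_test_conf "$1" "${2:-192.168.1.0/24}"
    write_custom_rules "$1/rules/custom.rules"
    include_custom_rules "$1/rules/local.rules"
    check_rules "$1/rules/custom.rules" \
        && echo "custom.rules: sids unique; now run step 9 (snort -T) to validate"
fi
```

Run it as root on the Kali box and then continue with step 9. Two details matter when writing rules of this kind: in a DNS query the domain travels as length-prefixed labels, so the byte sequence "youtube.com" never appears and the rule matches the label "youtube" instead; in TLS the server name in the ClientHello is the one part of the hostname still sent in clear text, which is why the port 443 rules can match on content even though the page data itself is encrypted. Also, on a host that joins the Wi-Fi directly, the capture interface is usually wlan0 rather than the eth0 used in steps 9 and 11.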



"THAT'S ALL NOW YOU CAN GET ALERT MESSAGE AS I GOT"
