
Experiment No1: Snort: Aim: Install IDS (e.g. Snort) and Study the Logs

The document discusses installing and using the open source intrusion detection system (IDS) Snort. Snort can be configured as a packet sniffer, packet logger, or network intrusion prevention system. It works by matching network traffic against rules that define malicious activity and generates alerts. The document outlines steps to download and install Snort and the WinPcap application needed for packet capture on Windows systems.

Uploaded by

Backup G

Experiment No1: Snort

Aim: Install IDS (e.g. SNORT) and study the logs.

Study of packet sniffer tools like Wireshark

Aim, theory, application, feature, ss, conclusion

What is Snort?
• Snort is an Open Source Intrusion Prevention System (IPS).
• It was created in 1998 by Martin Roesch, founder and former CTO of Sourcefire.
• Snort is now developed by Cisco, which purchased Sourcefire in 2013.
• Snort is capable of performing real-time traffic analysis and packet logging on IP networks.
• Snort can perform
  o protocol analysis,
  o content searching/matching, and
  o can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
• Snort IPS uses a series of rules that help define malicious network activity; it uses those rules to find packets that match them and generates alerts for users.
• Snort can also be deployed inline to stop these packets.
• Snort can be downloaded and configured for personal and business use alike.
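For the "study the logs" part of the aim, the following added example (not part of the original document) parses alert lines in Snort's fast alert format (`-A fast`) and groups them by priority, rule SID and source address. The sample lines, rule SIDs, messages and IP addresses are constructed for illustration, and IPv4 addresses are assumed.

```python
import re
from collections import Counter

# Constructed sample lines in Snort "fast" alert format (not from the original page).
SAMPLE_ALERTS = """\
08/28-12:34:56.789012  [**] [1:1000001:1] ICMP ping detected [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.5 -> 192.168.1.1
08/28-12:35:01.120045  [**] [1:1000002:2] Possible CGI probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51514 -> 192.168.1.10:80
08/28-12:35:02.300411  [**] [1:1000002:2] Possible CGI probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:51520 -> 192.168.1.10:80
this line is truncated and must be skipped
"""

ALERT_RE = re.compile(  # timestamp, [gid:sid:rev], message, class, priority, proto, endpoints
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def split_endpoint(ep):
    """Split 'ip:port' into (ip, port); ICMP endpoints carry no port (IPv4 assumed)."""
    ip, sep, port = ep.rpartition(":")
    return (ip, int(port)) if sep and port.isdigit() else (ep, None)

def parse_alerts(text):
    """Return (parsed alerts, count of non-blank lines that did not match)."""
    alerts, skipped = [], 0
    for line in filter(str.strip, text.splitlines()):
        m = ALERT_RE.match(line.strip())
        if not m:
            skipped += 1  # keep a count so damaged log lines are noticed, not lost
            continue
        a = m.groupdict()
        a["sid"], a["prio"] = int(a["sid"]), int(a["prio"])
        a["src_ip"], a["src_port"] = split_endpoint(a["src"])
        a["dst_ip"], a["dst_port"] = split_endpoint(a["dst"])
        alerts.append(a)
    return alerts, skipped

def triage(alerts):
    """Count alerts per (priority, sid, msg, source); priority 1 is the most severe."""
    counts = Counter((a["prio"], a["sid"], a["msg"], a["src_ip"]) for a in alerts)
    return sorted(counts.items(), key=lambda kv: (kv[0][0], -kv[1]))

if __name__ == "__main__":
    alerts, skipped = parse_alerts(SAMPLE_ALERTS)
    for (prio, sid, msg, src), n in triage(alerts):
        print(f"prio={prio} sid={sid} count={n} src={src} msg={msg}")
    print(f"skipped {skipped} unparseable line(s)")
```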

Snort can be configured in three main modes:

1. as a packet sniffer (Sniffer),
2. as a packet logger — which is useful for network traffic debugging, or
3. as a network intrusion prevention system.

Installation steps for Snort:

Step1: Download the Snort tool from www.snort.org

Step2: Install Snort on your computer.

Step3: Download the WinPcap app from www.winpcap.org for supporting the Snort files.
