From the course: Protecting Your Network with Open-Source Software
Snort as an IDS: Detecting pings
- [Instructor] We just introduced a new Snort rule to detect ping packets, and it's time to check if it actually works. Let's start by running Snort in its IDS mode. Type sudo snort -c, which indicates the location of the Snort configuration file. We'll be using the default Snort configuration file, which is located at /etc/snort/snort.conf. The next option is -A console. So type -A console, which indicates that we'll be displaying the Snort alert on our terminal window. The next option to specify is -l /var/log/snort, which tells where the Snort log messages are going to be stored. And finally, we have to say which network interface card Snort is going to be listening to by typing -i ens32. We'll be listening to the external network interface card of the Ubuntu router host, which has the IP of 192.168.70.128. Let's start Snort by pressing Enter. Type the root password, press Enter. Let's ping the external interface from the Ubuntu host to cause the ping detected alert. Type ping…
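One way to confirm from the console output that the rule fired, as an added example that is not part of the course: the Python below parses Snort 2.x fast-format alert lines, which is what -A console prints, and counts ICMP alerts per source for the monitored address. The SID 1000001, the message text, the source addresses and the sample lines are constructed for illustration; only 192.168.70.128 comes from the transcript.

```python
import re
from collections import Counter

# Snort 2.x "fast" alert layout, which is what -A console prints:
# MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def split_endpoint(endpoint, proto):
    """Return (host, port); ICMP endpoints carry no port. Assumes IPv4."""
    if proto in ("TCP", "UDP") and ":" in endpoint:
        host, _, port = endpoint.rpartition(":")
        return host, int(port)
    return endpoint, None

def parse_alert(line):
    """Parse one console line; return None for banners and other non-alert output."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    a = m.groupdict()
    a["sid"] = int(a["sid"])
    a["src"], a["src_port"] = split_endpoint(a["src"], a["proto"])
    a["dst"], a["dst_port"] = split_endpoint(a["dst"], a["proto"])
    return a

def ping_sources(lines, sid, monitored_ip):
    """Count ICMP alerts for one rule SID aimed at the monitored address, per source."""
    hits = Counter()
    for alert in filter(None, map(parse_alert, lines)):
        if alert["proto"] == "ICMP" and alert["sid"] == sid and alert["dst"] == monitored_ip:
            hits[alert["src"]] += 1
    return hits

# Constructed sample output; SID 1000001 and the message text are assumptions.
SAMPLE = """\
Commencing packet processing (pid=4242)
08/28-10:15:01.123456  [**] [1:1000001:1] Ping detected [**] [Priority: 0] {ICMP} 192.168.70.1 -> 192.168.70.128
08/28-10:15:02.125001  [**] [1:1000001:1] Ping detected [**] [Priority: 0] {ICMP} 192.168.70.1 -> 192.168.70.128
08/28-10:15:05.310220  [**] [1:1000001:1] Ping detected [**] [Priority: 0] {ICMP} 192.168.70.130 -> 192.168.70.128
08/28-10:15:07.400112  [**] [1:1000002:1] SSH connection attempt [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.70.1:51234 -> 192.168.70.128:22
"""
```

An empty result from ping_sources after a test ping means the rule did not match on that interface, which is worth checking before relying on it.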