How to Set Up Snort on a Windows 7 Virtual Machine for Network Intrusion Detection

I. Overview of Snort

Snort is a powerful network intrusion detection/prevention system (NIDS/NIPS) with features such as cross-platform compatibility, real-time traffic analysis, and network IP packet logging.

1. Operating Modes

Snort has three operating modes: sniffer, packet logger, and network intrusion detection system.

1. Sniffer: The sniffer mode simply reads packets from the network and displays them continuously on the terminal.
2. Packet Logger: The packet logger mode records packets to the hard drive.
3. Network Intrusion Detection: The network intrusion detection mode is the most complex and configurable. It has Snort analyze network traffic against user-defined rules and take action based on the detection results.

When using Snort, the network card will automatically be set to promiscuous mode.

II. Snort Installation and Download


For 32-bit systems, you must install WinPcap when using Snort.

Snort download link: https://www.snort.org/downloads#snort-downloads
WinPcap download link: https://www.winpcap.org/install/default.htm
Simply run the installer (for convenience in later experiments, it is strongly recommended to install Snort in the root directory of the C drive, i.e. C:\Snort).

III. Sniffing and Data Logging

1. Sniffing

Open cmd in the bin directory of Snort.
Enter snort -W to list the available network interfaces with their index numbers.
Sniff network interface 1: snort -v -i1
Use another host to ping this host.
The captured packets are displayed in the terminal.
After pressing ctrl + c to terminate, Snort prints a summary of the packets it analyzed.

2. Packet Logging

By default, there is a log folder in the Snort directory where logs can be saved directly.
Use snort -dve -i1 -h 192.168.88.0/24 -l c:\Snort\log -K ascii to log packets. The parameters are as follows:

-dve: Enables detailed sniffing mode; it combines -d (dump the application-layer payload), -v (verbose output) and -e (show link-layer headers).
-h: Specifies the monitored host segment (the home network). If not specified, it defaults to the local machine's IP.
-l: Specifies the log directory where the captured content will be stored.
-K: Specifies the logging format; ascii stores the packets as readable text files.

Access any webpage, and the packet capture results will appear in the log directory.
View the file content, which contains the packet headers.
See also: Using Snort Part 2: Intrusion Detection
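The ASCII log files written by the command above contain one text header per packet. The following Python script is an added example (not part of the original tutorial or of Snort itself) that parses those headers and classifies each packet as inbound, outbound or internal relative to the 192.168.88.0/24 network given to -h, which is what the -h option is for. The header layout is assumed to follow Snort's verbose (-v/-e) text output, and the sample log embedded in the script is constructed, not captured from a real host.

```python
"""Summarise the packet headers Snort writes with -K ascii, relative to the -h home net.

Added example (not part of the original tutorial). The header layout is assumed to
follow Snort's verbose (-v/-e) text output; the log below is constructed, not captured.
"""
import ipaddress
import re
from collections import Counter

# First line of each packet record: timestamp, source, arrow, destination.
# Ports are present for TCP/UDP and absent for ICMP.
HEADER_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s*$"
)
# Second line names the IP protocol and carries the TTL.
PROTO_RE = re.compile(r"^(?P<proto>TCP|UDP|ICMP)\s+TTL:(?P<ttl>\d+)")

# Constructed sample in the layout produced by "snort -dve ... -K ascii":
# an Ethernet line (from -e), the IP header line, the protocol line and
# separators between records. Addresses and MACs are made up.
SAMPLE_LOG = """\
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
00:0C:29:AA:BB:CC -> 00:50:56:C0:00:08 type:0x800 len:0x4A
03/01-12:34:56.789012 192.168.88.10:49152 -> 93.184.216.34:80
TCP TTL:128 TOS:0x0 ID:12345 IpLen:20 DgmLen:52 DF
******S* Seq: 0x9A1B2C3D  Ack: 0x0  Win: 0x2000  TcpLen: 32
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
00:50:56:C0:00:08 -> 00:0C:29:AA:BB:CC type:0x800 len:0x4A
03/01-12:34:56.812345 93.184.216.34:80 -> 192.168.88.10:49152
TCP TTL:54 TOS:0x0 ID:0 IpLen:20 DgmLen:52
***A**S* Seq: 0x11223344  Ack: 0x9A1B2C3E  Win: 0xFFFF  TcpLen: 32
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
03/01-12:35:01.000000 192.168.88.20 -> 192.168.88.10
ICMP TTL:128 TOS:0x0 ID:5678 IpLen:20 DgmLen:60
Type:8  Code:0  ID:1   Seq:1  ECHO
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
"""


def parse_packets(text):
    """Return one dict per packet record found in the ASCII log text."""
    packets = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = {
                "ts": m.group("ts"),
                "src": m.group("src"),
                "sport": int(m.group("sport")) if m.group("sport") else None,
                "dst": m.group("dst"),
                "dport": int(m.group("dport")) if m.group("dport") else None,
                "proto": None,
                "ttl": None,
            }
            packets.append(current)
            continue
        m = PROTO_RE.match(line)
        # Only the first protocol line after a header belongs to that packet.
        if m and current is not None and current["proto"] is None:
            current["proto"] = m.group("proto")
            current["ttl"] = int(m.group("ttl"))
    return packets


def direction(pkt, home_net):
    """Classify a packet against the network given to Snort's -h option."""
    net = ipaddress.ip_network(home_net, strict=False)
    src_home = ipaddress.ip_address(pkt["src"]) in net
    dst_home = ipaddress.ip_address(pkt["dst"]) in net
    if src_home and dst_home:
        return "internal"
    if src_home:
        return "outbound"
    if dst_home:
        return "inbound"
    return "transit"


def summarize(text, home_net):
    """Count packets per direction and per (protocol, destination port)."""
    packets = parse_packets(text)
    by_direction = Counter(direction(p, home_net) for p in packets)
    by_service = Counter(
        (p["proto"], p["dport"]) for p in packets if p["dport"] is not None
    )
    return {
        "packets": len(packets),
        "by_direction": dict(by_direction),
        "by_service": dict(by_service),
    }


if __name__ == "__main__":
    # Same home network as the -h value used in the tutorial.
    print(summarize(SAMPLE_LOG, "192.168.88.0/24"))
```

To run it against a real capture, read a file from the log directory (for example c:\Snort\log\192.168.88.10\TCP:49152-80) and pass its text to summarize with the same home network you gave to -h; packets from outside that network to hosts inside it show up as "inbound", which is the traffic a detection rule set is usually written around.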