Main Uses of Snort:
1. Similar to tcpdump, Snort can be used as a network sniffer to debug network traffic.
2. Used for signature-based network intrusion detection.
Examples of Using the Snort Intrusion Detection System:
1. Capturing packets using Snort's three modes combined
2. Logging packets to a specified location



3. Editing Snort's configuration file to add custom rules




(1) Alerting on request packets from external hosts targeting the current host's port 80/TCP.
Adding the following rule:
Accessing the Kali server website from Win7
Web access detected
(2) String matching: If a machine logs into the Kali FTP server, an alert is triggered, and the username and password of the user are captured.
FTP connection from Win7 to Kali
FTP access detected; inspecting the packet reveals plaintext username and password
(3) Alerting on ICMP echo requests. Adding the following rule:
Win7 pinging Kali
ICMP response detected
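
The rule text for cases (1) to (3) is not present on this page. As an added example (not the author's original rules), the three alerts could be written in Snort 2.x rule syntax as follows. It assumes `$HOME_NET` and `$EXTERNAL_NET` are defined in snort.conf; the `sid` values and `msg` strings are constructed for illustration.

```snort
# Added example: custom rules for a local rules file (for example local.rules)
# that snort.conf includes. sid values at or above 1000000 are reserved for
# local rules; the ones used here are constructed.

# (1) Any TCP packet from an external host to port 80 on the protected host.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"Inbound request to local web server on 80/TCP"; sid:1000001; rev:1;)

# (2) String matching on the FTP control channel. FTP sends the USER and PASS
# commands in cleartext, so the alerted packet's payload shows the credentials.
# depth:5 restricts the match to the first five payload bytes, where the
# command verb sits; nocase accepts clients that send it in lower case.
alert tcp any any -> $HOME_NET 21 (msg:"FTP login: USER command"; content:"USER "; depth:5; nocase; sid:1000002; rev:1;)
alert tcp any any -> $HOME_NET 21 (msg:"FTP login: PASS command"; content:"PASS "; depth:5; nocase; sid:1000003; rev:1;)

# (3) ICMP echo request (type 8) sent to the protected host.
alert icmp any any -> $HOME_NET any (msg:"ICMP echo request"; itype:8; sid:1000004; rev:1;)
```

Rule (1) fires on every packet of a connection, so a busy web server will generate many alerts. Because rule (2) only works when credentials cross the wire unencrypted, the same finding is a reason to move the service to FTPS or SFTP.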