
Experiment-8 NS

The document outlines the steps to configure and demonstrate an Intrusion Detection System (IDS) using the Snort software tool. It includes installation instructions, rule creation, and commands for running Snort in different modes. The experiment concludes with successful execution and logging of alerts from network monitoring activities.

Uploaded by

953622205051

KARTHIK RAJA E

953622205026

EXPERIMENT-8
DEMONSTRATE INTRUSION DETECTION SYSTEM USING ANY TOOL
AIM:
To configure and demonstrate an Intrusion Detection System (IDS) using the Snort
software tool, including rule creation, network monitoring, and alert logging.
STEPS FOR CONFIGURING SNORT AND DETECTING INTRUSIONS:
1. Install Snort from the Snort.org website (http://www.snort.org/snort-downloads) and Npcap from https://npcap.com/.

Figure 1: Snort and Npcap Installation page


2. Register and download Snort snapshot rules from https://www.snort.org/snort-rules.
3. Extract the rules and paste them into "C:\Snort\rules" folder.
4. Add "C:\Snort\bin" to system environment variables.
5. Open "C:\Snort\etc" and modify the "snort.conf" file using a text editor (Ctrl+G can be used to jump to specific lines):

o Line 45: ipvar HOME_NET 192.168.1.0/24
o Line 103: var RULE_PATH c:\Snort\rules
o Line 186: Remove # and modify as config logdir: C:\Snort\log
o Line 247: dynamicpreprocessor directory C:\Snort\lib\snort_dynamicpreprocessor
o Line 250: dynamicengine C:\Snort\lib\snort_dynamicengine\sf_engine.dll
o Line 253 (comment out): #dynamicdetection directory /usr/local/lib/snort_dynamicrules
o Lines 511-512 (comment out):
  # whitelist $WHITE_LIST_PATH/white_list.rules,
  # blacklist $BLACK_LIST_PATH/black_list.rules
o Line 529: Add output alert_fast: C:\Snort\log\alert.txt
o Line 549: Change to include C:\Snort\rules\local.rules

Figure 2: Snort rule modifications in snort.conf


6. Open "C:\Snort\rules\local.rules" in Notepad and add the following rule:
   alert icmp any any -> any any (msg:"ICMP Ping Detected"; sid:1000001; rev:1;)
7. Open a command prompt (cmd.exe) and navigate to "C:\Snort\bin" using:
   cd \Snort\bin
8. Check the Snort version using: snort -V
9. List available network interfaces using: snort -W

Figure 3: Command execution for snort -V and snort -W.


10. To start Snort in sniffer mode, use: snort -dev -i 4 (replace the number after -i with the correct network interface index from snort -W)

Figure 4: Running Snort in Sniffer Mode



11. To start Snort in IDS mode, use:


snort -A console -i 3 -c C:\Snort\etc\snort.conf

Figure 5: Running Snort in IDS mode.

12. To log alerts in ASCII mode:


snort -A console -i 3 -c C:\Snort\etc\snort.conf -l C:\Snort\log -K ascii not ip6

Figure 6: Log Alerts in ASCII Mode



13. Scan the computer that is running Snort from another computer using PING.

Figure 7: Pinging the Snort Machine from Another Computer


14. Check for logged alerts in the C:\Snort\log folder.
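
An added example (not part of the original lab record): a Python check for step 14 that parses alert_fast lines of the kind written to alert.txt in C:\Snort\log and counts hits for sid 1000001 per source and destination. The log lines and host addresses are constructed, and the line layout assumed is the Snort 2.x alert_fast format.

```python
import re
from collections import Counter

# Assumed alert_fast layout (Snort 2.x):
# timestamp [**] [gid:sid:rev] msg [**] [Classification: ..] [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"   # absent when the rule has no classtype
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample lines (not captured from the experiment); the last one is
# deliberately truncated to show how a partially written line is handled.
SAMPLE_LOG = """\
04/10-10:15:01.120341  [**] [1:1000001:1] ICMP Ping Detected [**] [Priority: 0] {ICMP} 192.168.1.50 -> 192.168.1.10
04/10-10:15:01.120398  [**] [1:1000001:1] ICMP Ping Detected [**] [Priority: 0] {ICMP} 192.168.1.10 -> 192.168.1.50
04/10-10:15:02.131877  [**] [1:1000001:1] ICMP Ping Detected [**] [Priority: 0] {ICMP} 192.168.1.50 -> 192.168.1.10
this line is truncated [**] [1:1000001
"""

def parse_alerts(text):
    """Return (alerts, rejected): parsed dicts and lines that did not match."""
    alerts, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ALERT_RE.match(line)
        if m:
            alerts.append(m.groupdict())
        else:
            rejected.append(line)
    return alerts, rejected

def summarize(alerts, sid):
    """Count alerts for one sid, keyed by (source, destination)."""
    return Counter((a["src"], a["dst"]) for a in alerts if a["sid"] == str(sid))

if __name__ == "__main__":
    alerts, rejected = parse_alerts(SAMPLE_LOG)
    for (src, dst), n in summarize(alerts, 1000001).items():
        print(f"sid 1000001: {src} -> {dst} x{n}")
    print(f"{len(rejected)} unparsed line(s)")
```

Because the rule matches any ICMP packet in either direction, the echo replies sent by the Snort machine are counted as alerts alongside the incoming pings.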

RESULT:
Thus, the configuration and demonstration of an Intrusion Detection System (IDS) using
the Snort software tool, including rule creation, network monitoring, and alert logging, was
completed and executed successfully.
PERFORMANCE (25):
VIVA (10):
RECORD (15):
TOTAL (50):
