Snort is a very famous NIDS (Network Intrusion Detection & Prevention System) that is widely used in on-premises and cloud infrastructure.


Snort is perhaps the best-known open source IDS available. It is a software implementation installed on a server to monitor incoming traffic. This typically works with a host-based firewall on a system where both the firewall software and Snort are running on the same machine. Snort is available for UNIX, Linux, FreeBSD and Windows.
The software is free to download and documentation is available on the website: www.snort.org.
Snort works in one of three modes:

Sniffers
In sniffer mode, the console (shell or command prompt) displays a continuous stream of the contents of all packets crossing the network.
Packet loggers
This mode is similar to the sniffer, with the difference that the contents of the packets are written to a text log file rather than displayed in the console. The advantage is that the log files can then be analyzed with specific programs such as Wireshark (https://www.wireshark.org).
Network intrusion detection
This is the most interesting feature: in this mode Snort uses a heuristic approach to detect anomalous traffic. This means that it is rule-based and learns from experience.

We will say more about Snort in a future article, where we will use it in a cloud network environment to improve operations and security.

How to install Snort

Snort is not included in the Kali Linux distribution, and there are many videos and articles explaining how to install it; this is the quickest and easiest way I found.
The Ubuntu repositories provide the Snort package, and we can exploit this to install it easily.

Go to the /etc/apt folder and open the sources.list file.

Navigate to the Ubuntu repositories and open the file below:
https://gist.githubusercontent.com/ishad0w/788555191c7037e249a439542c53e170/raw/3822ba49241e6fd851ca1c1cbcc4d7e87382f484/sources.list

Copy its content to the end of the Kali sources.list file.

I usually add the Ubuntu repositories to my Kali; both systems are Debian-based, and it is convenient to be able to install non-security software easily via apt.

Execute the two commands below to download the Ubuntu keys:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 871920D1991BC93C

Run apt update to refresh the package lists.

Install Snort via APT by executing:

sudo apt install snort

The same approach can be used on any type of Linux distribution, especially when automating a cyber containers approach.
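The procedure above can also be scripted so that the Ubuntu repository is scoped rather than appended to sources.list. The following is an added example, not part of the original article: it stores the two keys in a dedicated keyring referenced with signed-by (apt-key is deprecated) and pins Ubuntu below Kali's default priority. The suite name "focal", the mirror URL and the file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): scoped Ubuntu repository on Kali.
# Assumptions: suite "focal", mirror archive.ubuntu.com, and the file names below.
UBUNTU_SUITE="${UBUNTU_SUITE:-focal}"                 # assumed Ubuntu release
KEYRING_PATH="/usr/share/keyrings/ubuntu-archive.gpg" # assumed keyring location
KEY_IDS="3B4FE6ACC0B21F32 871920D1991BC93C"           # key IDs from the article

# Write a source entry that trusts only the dedicated keyring (signed-by),
# so the Ubuntu keys cannot vouch for any other repository.
write_source() {  # $1 = root prefix (empty string on a live system)
    mkdir -p "$1/etc/apt/sources.list.d"
    printf 'deb [signed-by=%s] http://archive.ubuntu.com/ubuntu %s main universe\n' \
        "$KEYRING_PATH" "$UBUNTU_SUITE" > "$1/etc/apt/sources.list.d/ubuntu.list"
}

# Pin Ubuntu at 100, below Kali's default 500: Kali's candidate wins whenever
# Kali ships the package, and Ubuntu is used only for what Kali lacks (snort).
write_pin() {  # $1 = root prefix
    mkdir -p "$1/etc/apt/preferences.d"
    cat > "$1/etc/apt/preferences.d/ubuntu-low" <<'EOF'
Package: *
Pin: release o=Ubuntu
Pin-Priority: 100
EOF
}

# Fetch the keys into a throwaway GnuPG home and export them to the keyring file.
fetch_keys() {  # $1 = root prefix
    tmp="$(mktemp -d)"
    mkdir -p "$1$(dirname "$KEYRING_PATH")"
    # $KEY_IDS is left unquoted on purpose so it splits into two arguments.
    gpg --homedir "$tmp" --keyserver keyserver.ubuntu.com --recv-keys $KEY_IDS &&
        gpg --homedir "$tmp" --export $KEY_IDS > "$1$KEYRING_PATH"
    status=$?
    rm -rf "$tmp"
    return "$status"
}

# Touch the live system only when called as root with --apply.
if [ "${1:-}" = "--apply" ]; then
    fetch_keys "" && write_source "" && write_pin "" &&
        apt update && apt install -y snort
fi
```

After an --apply run, `apt policy snort` shows which repository and priority the installed candidate came from.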
