Cybersecurity
Activity 3: Detect Network Intrusion
Introduction to Information Security

In this practical activity, you will use an open-source IDS to detect network intrusions.

Duration: 50 min. Difficulty: Hard.


The practical lab activities provided on this website are intended for educational purposes only. The activities are provided "as is" without any warranties, express or implied. The owner of this website shall not be liable for the actions of the users pertaining to perform these activities.
Important! It is illegal to perform any type of intrusion or hacking activities without explicit permission.
Significance: Not all attacks can be prevented. The first security function when an intrusion happens is to be able to detect it in order to respond to it.
Prerequisites: Vulnerability Assessment activity
Requirements: Virtual Network; Snort
Files: Snort
Related Videos: None
By completing this task, you will be able to install a well-known, open-source IDS called Snort.
An Intrusion Detection System (IDS) is a security tool that monitors network traffic for signs of malicious activity and alerts security personnel when suspicious activity is detected.

Snort is a popular open-source IDS that uses signature-based detection to identify known attack patterns. Snort can analyze network traffic in real-time and generate alerts when it detects suspicious activity.

Expert Mode
  1. Download and install the latest version of Snort
  2. Download and install the latest version of Npcap
Regular Mode
  1. Download Snort: Visit Snort Downloads webpage and download the executable (.exe) under Binaries (e.g., Snort_2_9_20_Installer.x64.exe).
  2. Install Snort: Double-click the Snort installation file and follow the on-screen instructions to install Snort. During the installation process, accept all defaults.
  3. Download Npcap: Visit the Npcap webpage and download the latest free Windows installer.
    Snort requires Npcap to capture and analyze network traffic.
  4. Install Npcap using the options shown in the installer screenshot.
    [Figure: Npcap Installer options]
By completing this task, you will be able to detect network intrusion using Snort IDS.
To test Snort, you can generate network traffic on the monitored interface and observe the alerts generated by Snort. To generate network traffic, you can perform various activities such as browsing websites, sending emails, or downloading files.
Expert Mode
  1. Configure Snort to monitor network traffic
  2. Create a custom rule to detect ICMP traffic and generate an alert
  3. Start Snort
  4. Generate ICMP traffic to test Snort
Regular Mode
    Configure Snort
  1. Open the Snort configuration file in a text editor such as Notepad. The configuration file is located in the Snort\etc directory.
  2. Add the following line to the configuration file to define the rule:
    alert icmp any any -> any any (msg:"ICMP traffic detected"; sid:10001; rev:1;)
    This rule will generate an alert whenever ICMP traffic is detected on the network.
  3. You can customize the rule by adding additional parameters, such as source and destination IP addresses or specific ICMP message types. For example, to detect only ICMP echo requests, you can modify the rule as follows:
    alert icmp any any -> any any (msg:"ICMP echo request detected"; icmp_type:8; sid:10001; rev:1;)
  4. Save the changes to the Snort configuration file.
  5. To start Snort, open a command prompt and navigate to the Snort\bin directory. Type the following command and press Enter:
    snort -i [interface name] -c [configuration file]
    Replace "[interface name]" with the name of the network interface you want to monitor and "[configuration file]" with the path to the Snort configuration file.
    Generate Traffic
  6. Start Kali and Metasploitable 2.
  7. In Kali, type the following command to generate ICMP traffic:
    ping [Metasploitable IP]
  8. Test: If Snort detects the ICMP traffic, it will generate an alert according to the rule you defined.
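The following script is an added example, not part of the lab page or the Snort project. It does two things a practitioner would want around the procedure above: it lints the custom rules before Snort is started (checks the header and options parse, that every rule has a sid and a msg, and that no sid is reused), and it summarises the alert lines Snort prints so you can confirm which rule fired and from which host. The two rules are the ones defined in the lab; the alert lines are constructed samples in the layout of Snort's fast/console alert output (192.0.2.x are documentation addresses standing in for the Kali and Metasploitable machines), not captured output.

```python
"""Lint custom Snort 2 rules and summarise alerts produced while testing them.

Added example for the lab above; not the lab's or Snort's own code. Alert lines
below are constructed samples, not output captured from a real Snort run.
"""
import re
from collections import Counter

# The lab's two custom rules. Listing both shows what happens when a rule is
# modified without changing its sid (a new revision should bump rev instead).
LAB_RULES = [
    'alert icmp any any -> any any (msg:"ICMP traffic detected"; sid:10001; rev:1;)',
    'alert icmp any any -> any any (msg:"ICMP echo request detected"; icmp_type:8; sid:10001; rev:1;)',
]

# Snort 2 rule header: action proto src sport dir dst dport (options)
RULE_HEADER = re.compile(
    r'^(?P<action>alert|log|pass|drop|reject|sdrop)\s+'
    r'(?P<proto>icmp|tcp|udp|ip)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+'
    r'(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$'
)

# Fast/console alert line: timestamp [**] [gid:sid:rev] msg [**] ... {proto} src -> dst
ALERT_LINE = re.compile(
    r'^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+'
    r'\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]'
    r'.*?\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$'
)

# Constructed sample of what Snort prints on the console while pings arrive.
SAMPLE_ALERTS = """\
03/15-10:22:01.123456  [**] [1:10001:1] ICMP echo request detected [**] [Priority: 0] {ICMP} 192.0.2.10 -> 192.0.2.20
03/15-10:22:02.125001  [**] [1:10001:1] ICMP echo request detected [**] [Priority: 0] {ICMP} 192.0.2.10 -> 192.0.2.20
Commencing packet processing (pid=4321)
03/15-10:22:03.130777  [**] [1:10001:1] ICMP echo request detected [**] [Priority: 0] {ICMP} 192.0.2.10 -> 192.0.2.20
""".splitlines()


def parse_rule(text):
    """Split a Snort 2 rule into its header fields and an options dict."""
    m = RULE_HEADER.match(text.strip())
    if not m:
        raise ValueError(f"not a valid rule header: {text!r}")
    rule = m.groupdict()
    opts = {}
    # Options are "key:value;" pairs; none of the lab's values contain ';'.
    for opt in filter(None, (o.strip() for o in rule.pop("opts").split(";"))):
        key, _, val = opt.partition(":")
        opts[key.strip()] = val.strip().strip('"')
    rule["options"] = opts
    return rule


def lint_rules(rules):
    """Return a list of problems found before handing the rules to Snort."""
    problems = []
    seen = {}  # sid -> msg of the first rule that used it
    for text in rules:
        try:
            r = parse_rule(text)
        except ValueError as err:
            problems.append(str(err))
            continue
        o = r["options"]
        if "sid" not in o:
            problems.append(f"rule without sid: {o.get('msg', text)!r}")
            continue
        if "msg" not in o:
            problems.append(f"sid {o['sid']} has no msg")
        if o["sid"] in seen:
            problems.append(f"sid {o['sid']} reused by {o.get('msg')!r} and {seen[o['sid']]!r}")
        else:
            seen[o["sid"]] = o.get("msg")
        # Snort reserves sids below 1,000,000 for its distributed rule sets.
        if int(o["sid"]) < 1_000_000:
            problems.append(f"warning: sid {o['sid']} is below 1000000, the range reserved for Snort's own rules")
    return problems


def summarize_alerts(lines):
    """Count alerts per (sid, msg) and per source host; skip non-alert lines."""
    by_rule, by_src = Counter(), Counter()
    for line in lines:
        m = ALERT_LINE.match(line.strip())
        if not m:
            continue
        by_rule[(int(m["sid"]), m["msg"])] += 1
        by_src[m["src"]] += 1
    return by_rule, by_src


if __name__ == "__main__":
    for p in lint_rules(LAB_RULES):
        print("lint:", p)
    rules, sources = summarize_alerts(SAMPLE_ALERTS)
    for (sid, msg), n in rules.items():
        print(f"sid {sid} ({msg}): {n} alert(s)")
    for host, n in sources.items():
        print(f"{host}: {n} alert(s)")
```

Run the lint on whatever rules you add to the configuration file, then paste Snort's console output into `summarize_alerts` (or read it from a file) to confirm the count of alerts matches the number of pings sent. The reuse warning fires for the lab's two rules because the modified echo-request rule keeps sid 10001 with rev 1; in practice you replace the first rule with the second, or give the new variant its own sid.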
© Samer Aoudi 2005-2024
