Snort Installation And Setup In Kali Linux
Hello Friends! First we need to know what Snort is and how it works.
What Is Snort :-
Snort is a packet sniffer that monitors network traffic, carefully inspecting each packet
for harmful payloads or suspicious anomalies.
Operating system fingerprinting attacks, semantic URL attacks, buffer overflows, server
message block payloads, and stealth port scans are all examples of payloads or attacks
that the application may identify.
In this post you will learn how to install Snort in Kali Linux and set it up.
Requirements :-
VirtualBox Or VMWARE
Kali Linux
Open the terminal as root in Kali Linux and type the following commands. If you
didn't open the terminal as root, you should type "sudo" like this,
Step :- 1 sudo apt install snort
Otherwise, you should type it like this,
apt install snort
Here, Snort is already installed in my Kali Linux.
Step :- 2 After installation, go to the directory (/etc/snort/) where Snort's configuration is installed.
Step :- 3 We can see the Snort configuration file using the ls -l command.
Step :- 4 For backup, create a copy of snort.conf
sudo cp snort.conf test_snort.conf
Step :- 5 Then open test_snort.conf for editing by using
sudo nano test_snort.conf
Here, we need to make some changes, so we can use any editor, such as nano.
Put the IP range that matches your network configuration after
ipvar HOME_NET IP_Address_Range
In my case: ipvar HOME_NET 198.168.0.0/16
Step :- 6 Type the following command to test the Snort configuration and rules.
sudo snort -T -i eth0 -c /etc/snort/test_snort.conf
Step :- 7 Now, go into the /etc/snort/rules folder to modify the rules as needed.
cd /etc/snort/rules
Here are some new rules defined in the rules directory. If you want, you
can add some new rules.
Step :- 8 Here, I am adding some new rules in the custom.rules file. You can easily add new
rules using sudo nano custom.rules. In this text file you have to add some new
rules like in the image below.
Then, press Ctrl + X to close and hit y to save.
Then you need to add the file path in snort.conf.
You can add the path by using sudo nano snort.conf and adding the file path like
include $RULE_PATH/custom.rules
Step :- 9 To see the Snort Console, write the following command in the terminal.
sudo snort -q -A console -i eth0 -c /etc/snort/test_snort.conf
Then open a web application or any server in your network and you will
see that Snort is catching the traffic over the network.
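The edits from Steps 5 to 8 can also be scripted so that they are repeatable. The script below is an added example, not part of the original post: the function names, the sample ICMP rule and SID 1000001 are assumptions, and the configuration path, IP range and rules file are passed in as arguments.

```shell
#!/bin/sh
# Added example: Steps 5-8 as repeatable edits to a Snort 2 config file.
# Function names, the sample rule text and SID 1000001 are assumptions.

# Point HOME_NET at your own range; fails if the config has no such line.
set_home_net() {  # usage: set_home_net <conf> <cidr>
    grep -q '^ipvar HOME_NET ' "$1" || return 1
    # Write through a temp file, then copy back so file permissions stay.
    sed "s|^ipvar HOME_NET .*|ipvar HOME_NET $2|" "$1" > "$1.tmp" &&
        cat "$1.tmp" > "$1" && rm -f "$1.tmp"
}

# Add "include $RULE_PATH/<name>" exactly once, however often this runs.
add_rules_include() {  # usage: add_rules_include <conf> <rules-file-name>
    line="include \$RULE_PATH/$2"
    grep -qxF "$line" "$1" || printf '%s\n' "$line" >> "$1"
}

# Append one local rule (ICMP echo request towards HOME_NET) if its SID
# is not in the file yet. Local rules use SIDs of 1000000 and above.
add_ping_rule() {  # usage: add_ping_rule <rules-file>
    rule='alert icmp any any -> $HOME_NET any (msg:"ICMP echo request to HOME_NET"; itype:8; sid:1000001; rev:1;)'
    grep -qF 'sid:1000001;' "$1" 2>/dev/null || printf '%s\n' "$rule" >> "$1"
}

# With three arguments: edit the given files, then run the Step 6 check.
# usage: sudo sh <this-script> <conf> <cidr> <rules-file>
if [ "$#" -eq 3 ]; then
    set_home_net "$1" "$2" &&
        add_rules_include "$1" "$(basename "$3")" &&
        add_ping_rule "$3" &&
        snort -T -i eth0 -c "$1"
fi
```

Because every function checks before it writes, running the script twice leaves one HOME_NET line, one include line and one copy of the rule.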
THANK YOU !!!