Starting to use Snort
Page 1 of 3
Introduction
Snort is a free network intrusion detection software. It is open source and free for personal use. You can download it from http://www.snort.org/dl/. The website describes it as the de facto open source Intrusion detection software.
Here's a direct quote from the blurb at the top of its web page, to save me having to put this in my own words.
Snort® is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry.
When you download it, it's probably a good idea to get Ethereal as well because you need to be able to read the logs. http://www.ethereal.com/download.html Ethereal is OK as an IDS by itself but its not as unobtrusive or as sparing of memory waste as Snort. Also Snort gives you the satisfying feeling that you are doing hardcore command line stuff which boosts your confidence that you may have some idea what to do with your findings...... I am going to skip past the installation process, as it's relatively straightforward for both these pieces of software. Just don't pick a silly format to get it in. For example, if you're using Windows pick something that's simple (the whole package) and not tar.gz. If you're using Linux, you probably don't want this newbies' guide because you'll pick it up faster by playing around with it.
Good guides:
Prentice Hall's - Intrusion Detection with Snort - Advanced IDS Techniques using Snort, Apache, Mysql
Snort(TM) Users Manual - comes with Snort - probably tells you everything you need to know
