snort – Page 3 – WindowsTechs.com

Snort log file snort.log.xxxxxxx is empty [closed]

Posted on April 23, 2021 by mimi

When running Snort on pcap using the following command :
$ snort -r /home/mina/Downloads/test.pcap -c /etc/snort/snort.conf -l /var/log/snort/

This generate a log file snort.log.xxxxxxx, but this file is empty (0 bytes)
Packet I/O Totals:… Continue reading Snort log file snort.log.xxxxxxx is empty [closed]→

Snort DNS rule immersive labs

Posted on March 5, 2021 by Aud Cryan

The question is

"Create a rule to detect DNS requests to ‘interbanx’, then test the
rule with the scanner and submit the token."

My rule is:
alert udp any any -> any 53 (msg:"alert"; sid:5000001; content:"|09|… Continue reading Snort DNS rule immersive labs→

SNORT rule for detecting/preventing unauthorized VPN or encrypted traffic

Posted on March 2, 2021 by Taranbud

Here’s my not so theoretical scenario: A day-one Trojan horse attack where the attacker sets up a secure connection back to himself using a well known trusted port, such as 80 21 443. Or for instance, if a malicious user takes advantage of… Continue reading SNORT rule for detecting/preventing unauthorized VPN or encrypted traffic→

Can I use Snort to detect multiple VLANs over site to site VPN?

Posted on February 24, 2021 by Ahmad Abuhasna

I am studying options to check traffic over multiple VLANs using a Snort cloud machine, since the normal Snort installation requires to get local network and local VLAN information. I thought to use physical machine though all offices (but… Continue reading Can I use Snort to detect multiple VLANs over site to site VPN?→

Blocking FTP Brute Force Attack with Snort

Posted on February 20, 2021 by George

I am trying to become familiar with Snort, and for this reason, I have set three VMs. A Kali, a windows machine with XAMPP and Ubuntu where I installed Snort.
I believe I have Snort running in Afpacket Inline mode. Whenever Snort starts it… Continue reading Blocking FTP Brute Force Attack with Snort→

Need NSL-KDD 20% dataset in PCAP

Posted on February 19, 2021 by mimi

I want to run NSL-KDD dataset 20% in Snort IDS. I have the dataset files (Train and Test) in .txt format; I tried to convert this text file using text2pcap of Wireshark, but did not work with me (Output was empty, it show that : 0 packet r… Continue reading Need NSL-KDD 20% dataset in PCAP→

Is there any option to find KDD Cup 99 10% and NSL-KDD 10% datasets in pcap format? [closed]

Posted on February 5, 2021 by mimi

I want to test Snort IDS. The above datasets are availables only in .txt format.

Continue reading Is there any option to find KDD Cup 99 10% and NSL-KDD 10% datasets in pcap format? [closed]→

Snort Alert doesn’t filter source port 80

Posted on January 9, 2021 by Marc

My problem is as followed: I have a pcapng file with around 125k packets. 57k packets are from destination port 80 to a range of port 20943 to 24519. Below is my very simple alert, which for now does not include a BPF filter.
ruletype … Continue reading Snort Alert doesn’t filter source port 80→

Snort doesn’t capture raw packets

Posted on December 30, 2020 by Meysam

I have a python code on Linux to create a raw packet:
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)

ip_header = b’\x45\x00\x00\x28′
ip_header +… Continue reading Snort doesn’t capture raw packets→

Snort doesn’t capture raw packets

Posted on December 30, 2020 by Meysam

I have a python code on Linux to create a raw packet:
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)

ip_header = b’\x45\x00\x00\x28′
ip_header +… Continue reading Snort doesn’t capture raw packets→