Fantastic video; such a clear explanation, great detail, well paced and really easy to follow along. Nice work! Looking forward to seeing more content.
Thank you colin, your work was an inspiration, for starting this 😁
I have seen more than 10 videos on youtube but none matches with yours. The ease of explanation has literally saved a lot of my time.
Thank you.
Subscribed and waiting for more and more future content.
Please make a series on Splunk & Linux rules if possible
The tutorial was really good, especially for beginners.
Thanks for the clear explanation. Can you please advise how we can trigger mail or something once we have detected threats?
thank you so much for your tutorial, it was extremely helpful
You are welcome 👍
Brilliant, absolutely brilliant. Best explanation ever.
Amazing Explanation. Good Job ! You just got another subscriber.
Very easy to understand. Thank you so much!
Thank you for the feedback 👍
Excellent Video, thanks very much. Very engaging and informative, and I learnt a lot! Thanks.
Thank you for the feedback, Kevin.
You are a lifesaver thank you so much
Very well explained! Thank you sir
Thank you very much for the video ! I have a question : where can I get your PPT please ?
6:10 "sudo !!" will save you some time
Thank you for teaching Can I have a guide or slides of installation and tutorials on RUclips?
Yes, soon
@@HackeXPlorer Thanks, I'll wait and see.
When I go to /var/log/snort, my local address folder with the logs is not there. Also, when I do something else on my local network, nothing pops up. Only when I do something on the VM where Snort is installed do I get output. Do you maybe know why? Also, very useful video, super easy to understand and well explained!
I think your VM network mode is "local host only"; you have to change it to bridged mode.
However, this will still not work, since not all of your traffic will be passed to the Snort IP.
This is a network-level configuration.
You might need to buy a special switch.
Google about SPAN port/taps.
You will get the idea 💡
Nice video and learn a lot about Snort. Could you please make the next video on NIPS so we can learn about how to prevent attack? Thank you so much!
Hi Vineet, actually Snort can work as an IPS or an IDS; it's only a matter of where and how you set it up in the network. Check the following document:
www.snort.org › documents (PDF) Snort IPS Tutorial
@@HackeXPlorer Awesome. Thank you!
This was extremely useful, thank you!
Very well explained! Really cleared my queries : )
Thank you for such a good content. Where I can find your slides?
Thanks Shwetha, I'll post the slides on my site soon.
Hackexplorer.net
@@HackeXPlorer excellent video, very well organised and provided details. I was also looking for the slides please.
@@kanizfatema3814 www.slideshare.net/HishanShouketh/snort-home-lab-workshop
@@HackeXPlorer Thank you so much. You are an amazing teacher
Will this work actively in real time?...
So could you be running any Snort rule in the background while you're working on something else on your computer?
Can you get the operating system fingerprint from the source IP? Can you trace the source IP?
Great session
Thank you, Nadeev.
Hi! Thanks for the tutorial. I have been trying to listen on port 1883, but nothing seems to work. Could you please help? I want to detect the MQTT protocol via Snort.
Thanks for this tutorial, nice work!
Thanks 🙏
perfection
In my case the sniffing interface configuration menu does not appear; during the installation the default interface is not set.
Good effort
Nice content sir. Is there a snort appliance hardware to deploy in real world?
The Snort IPS feature enables Intrusion Prevention System (IPS) or Intrusion Detection System (IDS) for branch offices on Cisco 4000 Series Integrated Services Routers and Cisco Cloud Services Router 1000v Series. This feature uses the open source Snort solution to enable IPS and IDS.
@@HackeXPlorer what do you think of Cisco Firepower?
@@SuperChelseaSW6 Yes, it's an NG (next gen) firewall; the box offers more than firewall functions: stateful firewall, Application Visibility and Control, NGIPS, Advanced Malware Protection, URL filtering, DDoS. Also research the Fortinet stuff.
Great work
Thank you, Hikamath 👍
What an explanation!
Fabulous video, it has helped me. Now I need to start simulating DoS and DDoS in a VM environment using Snort, to show me how Snort can detect or prevent attacks. Do you have any videos to help with this? :-) And thanks again, this was really helpful.
Yeah, I am planning on some videos.
Thank you for the great explanation.
I need some advice: when I install and run Snort, this comes up:
"Could not get lock /var/lib/dpkg/lock-frontend - open (11: Resource temporarily unavailable)
Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), is another process using it?"
What should I do? :/
You can do a couple of things:
Run the command with sudo in front.
Or simply reboot and try again. It will work.
Thanks for this video. Can you share a PDF document of the installation process? Thanks very much.
Here you go, this is a similar installation
www.cloudsavvyit.com/6424/how-to-use-the-snort-intrusion-detection-system-on-linux/
And the remote alert (email) ?
Great video... thank you :)
You are welcome
You work in windows or Linux?
And can you do a video explaining how we get the IP address from the BD (BD connected with Snort) by rqt t SQL in Java 🥺.. or can you help, if you have time, with my homework? We can talk on social media if you have it.. please
I followed the video carefully but when I try to test the snort.conf file, I get the following error. Log Directory is getting set as eth0. I checked in the snort.conf file and set the path for "config logdir:" as /var/log/snort. This is not helping.
Log directory = eth0
ERROR: OpenAlertFile() => fopen() alert file eth0/snort.alert.fast: No such file or directory
Fatal Error, Quitting..
I'm getting an error: "error spo_unified2.c(323) Couldn't open enp0s3/snort.log: no such file or directory"
Please, how can we link Snort with MySQL and create a table (with IP addresses)?
Yup, this is possible. Try the following:
www.hackers-arise.com/post/2018/05/29/snort-ids-for-hackers-part-3-sending-intrusion-alerts-to-mysql
Stuck at "commencing packet processing". Does anyone have any idea how to solve this problem?
Can anybody help me? I can't get Snort to work at all on my Ubuntu system. Please reply if you can help.
Hi Sir.
Can you please make a video on how to drop packets using Snort on Windows?
I have tried the same, but it says inline mode has to be enabled on Windows, which seems to be a pretty difficult task.
Any help would be appreciated.
Thanks.
Thank you for the suggestion, let me check.
That's nice, but the final step is not working. 😕 Snort does not give any alert when I try to enter a wrong password.
Any idea ?
I think you are talking about the FTP password, check your rule again.
Thanks
You are welcome Muvi.
@@khanjra You will find your answer here. Snort uses the file-image property to detect image files, and you can find it in any type of traffic.
github.com/codecat007/snort-rules/blob/master/snortrules-snapshot-29150/rules/file-image.rules
@@khanjra Here you go: alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"GIF File detected"; content:"GET"; content:".gif"; sid:1000005; rev:1;) - and in the git just search for the file extension; you will find many more examples like this.
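To see what that rule actually matches, here is an added example (not from the video or from anyone in this thread): a minimal Python parser for the rule's header and options, plus a matcher that applies Snort's plain `content` semantics (each pattern searched independently over the payload, case-sensitive) to constructed HTTP requests. It shows the rule fires on a GET for a .gif, also fires on a request whose Referer merely mentions a .gif, and misses `.GIF` because the rule has no `nocase`; the host name and requests are constructed sample data.

```python
import re

# The rule quoted in the reply above (Snort 2 syntax).
GIF_RULE = ('alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS '
            '(msg:"GIF File detected"; content:"GET"; content:".gif"; sid:1000005; rev:1;)')

HEADER_RE = re.compile(
    r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$')
# "key;" or "key:value;" where value may be a quoted string holding spaces or semicolons
OPTION_RE = re.compile(r'(\w+)(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')

def parse_rule(rule):
    """Split a Snort rule into its header fields and an ordered list of options."""
    m = HEADER_RE.match(rule.strip())
    if not m:
        raise ValueError("not a Snort rule")
    action, proto, src, sport, direction, dst, dport, body = m.groups()
    options = []
    for key, val in OPTION_RE.findall(body):
        if val.startswith('"'):
            val = val[1:-1]                      # drop the surrounding quotes
        options.append((key, val))
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dir": direction, "dst": dst, "dport": dport, "options": options}

def content_hits(rule, payload):
    """Return the content patterns of the rule that occur in payload (bytes).
    Without offset/depth/distance/within, each content is searched over the
    whole payload on its own, case-sensitively, so order is not enforced.
    Hex escapes (|..|) and the nocase modifier are not handled here."""
    patterns = [v for k, v in parse_rule(rule)["options"] if k == "content"]
    return [p for p in patterns if p.encode() in payload]

def rule_matches(rule, payload):
    """True when every content pattern in the rule is present in the payload."""
    patterns = [v for k, v in parse_rule(rule)["options"] if k == "content"]
    return len(content_hits(rule, payload)) == len(patterns)

# Constructed sample HTTP requests (not captured traffic).
GIF_REQUEST = b"GET /images/logo.gif HTTP/1.1\r\nHost: example.test\r\n\r\n"
REFERER_ONLY = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
                b"Referer: http://example.test/banner.gif\r\n\r\n")
UPPERCASE_GIF = b"GET /photo.GIF HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("gif", GIF_REQUEST), ("referer", REFERER_ONLY), ("GIF", UPPERCASE_GIF)]:
        print(name, rule_matches(GIF_RULE, req), content_hits(GIF_RULE, req))
```

The Referer case is why file-type rules in the official rule set pair the extension with protocol-aware options such as `http_uri`, `flow` and `nocase` instead of a bare substring.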
@@khanjra hi meimoon
Can you help me with Snort? I have installed Snort, giving it the network subnet to capture all traffic in our network, but it's not alerting for all the machines; it's only alerting for the machine where I have installed it. Do you have any idea? Please.
If anyone can help me, how can I save the output of the captured packets? thank you
Check the last part of this video; it shows you how to save a capture using tcpdump.
ruclips.net/video/xyFLY1saDh0/видео.html
Hey I tried to use snort to prevent DDOS on my game server, I can't figure out how should I stop on a specific udp port!
Sorry, you cannot stop DDoS with this service, only detect it.
@@HackeXPlorer Okay.. could you please make a video on DDoS protection! It's a huge headache in the game server community (Rust, Minecraft, CS:GO).. there is no solution available on the internet.... game servers are very prone to DDoS... mostly hosted on Linux-based VMs... but a lot of hosting providers do provide DDoS protection.
ERROR: Can't start DAQ (-1) - ens33: That device is not up!
How can you fix this?
www.linuxquestions.org/questions/linux-newbie-8/help-me-snort-error-can%27t-start-daq-1-socket-operation-not-permitted-4175634845/
# apt-get install snort
E: Unable to locate package snort
Hello sir, the last rule of FTP failed login attempt is not giving an alert. Can you please help?
Share the rule here.
If it had to be done on Ubuntu anyway, why wasn't that mentioned in the video title?
how can i turn on promiscuous mode in vmware workstation
Hi Kasun, one of my friends used the local host adapter in VMware Workstation and sniffing worked for him without any configuration.
Adapter 1 : host only(sniffing)
Adapter 2 : NAT
@@HackeXPlorer thank you for your response
Couldn't understand properly
Found Musa lol😂😂
Musa ?
Hi sir
Hi Amith
@@HackeXPlorer Sir, I have configured the home network as our public server IP x.x.x.0/24, but Snort is receiving/capturing alerts only for the machine where I have installed it. Can you help me with how to receive the alerts for all the public IP servers?
@@HackeXPlorer along with that please provide me your email id sir