Snort IDS / IPS Complete Practical Guide | TryHackme

I'd got the same problem with the questions that you didn't found, and I really entered to this video trying to found the answers. Finally i found that the mode that works similar to NIPS is "NBA" (Network Behaviour Analysis), and the kind of NIPS that it is is "full-blown". Hope it will help!

According to the official description of the snort, what kind of NIPS is it?
full-blown

As usual, the greates professor! Thanks Motasem!

thank you for explaining this. Been going through the SOC pathway and snort has completely stumped me by not fully explaining the contents of the output it gives (might as well be hieroglyphs lol) . Your teaching and break down of the concepts were super helpful in learning the fundamentals of it.

I was messing with step 9, question 1, forever and thought I was failing. However, it was because I didn't realize the alert file being made :) Great vid.

very helpful to follow along with at every spot I got stuck in the snort room. Thank you!

You are the best in explaining things Motasem , thanks a lot !

A clear video tutorial. Very helpful to tryhackme beginners. Thanks professor.😊😊

Thank you so much @Motasem for creating this awesome video on Snort. It was really helpfull and informative from starting to end. I liked the way of your explaining the concepts or points in details with easy explanations. Again appreciated the hard work you put in this video :)

Thank you so much for this. You are a life saver!

Very well organized and well explained! thank you ! that was really helpful

I was able to complete the task cuz of this video! Super clear :) Thanks much

Thanks again another awesome video

I'm sharing my experience here, hopefully, it helps others. I initially missed a key step in Task 8: Operation Mode4 - PCAP Investigations. There are multiple ways to get to point B but I choose the following path:
Mr. Hamdan provided a helpful bash command to locate the relevant file: find . -name "icmp-test.pcap". After accessing the directory, I used the command while directory Task 8: snort -r icmp-test.pcap and had no problems moving to the next step. Thank you Mr. Hamdan

what a teacher.really i learn a lot of you.

Thank you, this section was very complicated

Thank you so much.

thanksssssss its a clear video and Very helpful and easy english that help me understand without having fluent english

3rd to last question in task 4 is "full-blown". It is listed in the description of snort under the blue highlighted letters section.

Great video thanks!

Thank you Sir !

NBA and full-blown, thanks for this video, this snort was so complicated, they really need some gui platform

Thank you Motasem, that task 7 question though. haha

how did u get the traffic generator installed ?

thanks for video

Great content. Please share your entire notes with me, focusing on the sudo command.

Thank You habibi!!

Thanks!

are your snort notes with the specific commands and explain what the commands do available online?

Thank you for sharing this video, but i have question. i have pcaps file and i want command to i see traffic and some Alerts

What is the notebook you are using? I really like the way it tree's out. I am just using onenote.

could you please provide a link to your notes? that would be helpful

Hi Motasem,
For 9.4 , same ip question, when I used the protocol as ip, I got the answer as 13.. Just wanted to confirm the reason behind using tcp and udp and also just to update changes to rev field are not needed

What is the name of the application in the taskbar marked with the letter s

Great video, the room is vet long and a bit boring, your videos add enthusiasm

1:20:15 - Network Behaviour Analysis - NBA. The second one is - full-blown.

Great job mate. I think this channel is underrated.
I have a question. I watched on this video that you are using obsidian. Are you sharing with the comunity your notes or they are private?

what kind of packets are the ones you see in sniffer mode at 21:35?

Superb! Very well organised and well explained. Can you sahre your notes please.

Can you please install and configure on windows server?

I have everything set up. Snort trigger an alert when I ping the pc where it is installed. The problem is when I do a ping to another PC within my network, Snort doesnt detect it. I have my network card in promisc mode. Any idea why is this happening?

Which snort mode works similar to NIPS mode? NBA
According to the official description of the snort, what kind of NIPS is it? full-blown

hello motasem ty so much for your effort, i have 1 question ,where can I have or buy your notepad library?

how can I block vpn packets mr?

heeeyy mohamed great Containt.Please which tool has been used to keep documentation?

NBA training period is also known as ..?
Test the current instance with "/etc/snort/snort.conf" file and check how many rules are loaded with the current build. ?

Good course , but the audio level is really low.

which app do you use for storing notes

Can I ask what the notepad are you using?
I want to put notes in somewhere and looking for suitable note pad.

Which snort mode works similar to NIPS mode? NBA

Could anybody help me with the Task 4 Question 1 is the only question I'm missing, tried a lot of combinations with -V but no success

❤

According to the official description of the snort, what kind of NIPS is it -> full-blown😉

Are you sharing your notes that you have saved?

can you provide the access to your notes?

it is NBA

whats -dev means in sudo snort -dev -K ASCII -l .

19:45

Two missing answers are NBA and full-blown

Great video but dude turn off that alert noises that come up throughout the entire video. It scared me to death!

NPA , full-blown

Hi Motasem, v lovely videos and explanations thank u.
I would like to connect with you regarding some 1:1 coaching for blue team studies. Kindly let me know ur email/id etc or whatsapp plz
Thank u 🙏🏾