Snort IDS / IPS Complete Practical Guide | TryHackme
Вставка
- Опубліковано 28 лип 2024
- In this video walk-through, we covered configuring snort as an IDS/IPS open-source solution. Snort operates as sniffer, packet logger and IPS/IDS.
**********
Receive Cyber Security Field, Certifications Notes and Special Training Videos
/ @motasemhamdan
********
Writeup
motasem-notes.net/snort-ids-i...
TryHackMe Snort
tryhackme.com/room/snort
Google Profile
maps.app.goo.gl/eLotQQb7Dm6ai...
LinkedIn
[1]: / motasem-hamdan-7673289b
[2]: / motasem-eldad-ha-bb424...
Instagram
/ dev.stuxnet
Twitter
/ manmotasem
Facebook
/ motasemhamdantty
I'd got the same problem with the questions that you didn't found, and I really entered to this video trying to found the answers. Finally i found that the mode that works similar to NIPS is "NBA" (Network Behaviour Analysis), and the kind of NIPS that it is is "full-blown". Hope it will help!
According to the official description of the snort, what kind of NIPS is it?
full-blown
As usual, the greates professor! Thanks Motasem!
thank you for explaining this. Been going through the SOC pathway and snort has completely stumped me by not fully explaining the contents of the output it gives (might as well be hieroglyphs lol) . Your teaching and break down of the concepts were super helpful in learning the fundamentals of it.
Is it possible to share your notes you keep referencing in the video?
Thank you for the remarks. The notes are part of the third tier of the channel membership@@MFmyk3
I was messing with step 9, question 1, forever and thought I was failing. However, it was because I didn't realize the alert file being made :) Great vid.
very helpful to follow along with at every spot I got stuck in the snort room. Thank you!
You are the best in explaining things Motasem , thanks a lot !
A clear video tutorial. Very helpful to tryhackme beginners. Thanks professor.😊😊
Thank you so much @Motasem for creating this awesome video on Snort. It was really helpfull and informative from starting to end. I liked the way of your explaining the concepts or points in details with easy explanations. Again appreciated the hard work you put in this video :)
Thank you so much for this. You are a life saver!
Very well organized and well explained! thank you ! that was really helpful
I was able to complete the task cuz of this video! Super clear :) Thanks much
Thanks again another awesome video
I'm sharing my experience here, hopefully, it helps others. I initially missed a key step in Task 8: Operation Mode4 - PCAP Investigations. There are multiple ways to get to point B but I choose the following path:
Mr. Hamdan provided a helpful bash command to locate the relevant file: find . -name "icmp-test.pcap". After accessing the directory, I used the command while directory Task 8: snort -r icmp-test.pcap and had no problems moving to the next step. Thank you Mr. Hamdan
what a teacher.really i learn a lot of you.
Thank you, this section was very complicated
Thank you so much.
thanksssssss its a clear video and Very helpful and easy english that help me understand without having fluent english
3rd to last question in task 4 is "full-blown". It is listed in the description of snort under the blue highlighted letters section.
OMG!!!!! Thank you so much ! I feel less than dumb ! I spent a significant amount of time on that freaking question !!!!!!!
Great video thanks!
Thank you Sir !
NBA and full-blown, thanks for this video, this snort was so complicated, they really need some gui platform
Thank you Motasem, that task 7 question though. haha
how did u get the traffic generator installed ?
thanks for video
Great content. Please share your entire notes with me, focusing on the sudo command.
Thank You habibi!!
Thanks!
Thank you Gabriel.
are your snort notes with the specific commands and explain what the commands do available online?
Thank you for sharing this video, but i have question. i have pcaps file and i want command to i see traffic and some Alerts
What is the notebook you are using? I really like the way it tree's out. I am just using onenote.
could you please provide a link to your notes? that would be helpful
Hi Motasem,
For 9.4 , same ip question, when I used the protocol as ip, I got the answer as 13.. Just wanted to confirm the reason behind using tcp and udp and also just to update changes to rev field are not needed
bro first you should remove the alert message that is generated as a result of the previous using the command "sudo rm -r alert". then open the local rule and add the tcp and udp rule as same as what Mr.Motasem Hamdan showed in this tutorial. Then you again run the rule. Then after you will get the answer 10.
What is the name of the application in the taskbar marked with the letter s
Great video, the room is vet long and a bit boring, your videos add enthusiasm
1:20:15 - Network Behaviour Analysis - NBA. The second one is - full-blown.
Great job mate. I think this channel is underrated.
I have a question. I watched on this video that you are using obsidian. Are you sharing with the comunity your notes or they are private?
Hello, you can subscribe to the channel membership tier 2 to get access to all the notes, link below
ua-cam.com/channels/NSdU_1ehXtGclimTVckHmQ.htmljoin
Or if you are interested in one subject among the others, you can pay for one time. The notes that are available for one time purchase can be found below
motasem-notes.net/
what kind of packets are the ones you see in sniffer mode at 21:35?
Superb! Very well organised and well explained. Can you sahre your notes please.
Hello, you can subscribe to the channel membership tier 2 to get access to all the notes, link below
ua-cam.com/channels/NSdU_1ehXtGclimTVckHmQ.htmljoin
Or if you are interested in one subject among the others, you can pay for one time. The notes that are available for one time purchase can be found below
motasem-notes.net/
Can you please install and configure on windows server?
I have everything set up. Snort trigger an alert when I ping the pc where it is installed. The problem is when I do a ping to another PC within my network, Snort doesnt detect it. I have my network card in promisc mode. Any idea why is this happening?
Which snort mode works similar to NIPS mode? NBA
According to the official description of the snort, what kind of NIPS is it? full-blown
hello motasem ty so much for your effort, i have 1 question ,where can I have or buy your notepad library?
Hello, you can subscribe to the channel membership tier 2 to get access to all the notes, link below
ua-cam.com/channels/NSdU_1ehXtGclimTVckHmQ.htmljoin
Or if you are interested in one subject among the others, you can pay for one time. The notes that are available for one time purchase can be found below
motasem-notes.net/
Tysm@@MotasemHamdan
how can I block vpn packets mr?
heeeyy mohamed great Containt.Please which tool has been used to keep documentation?
Heey, Its Obsidian.
@@MotasemHamdan between Soc analyst or Cloud what do you think?
NBA training period is also known as ..?
Test the current instance with "/etc/snort/snort.conf" file and check how many rules are loaded with the current build. ?
baselining
:))
Answer: 4151 > sudo snort -T -c /etc/snort/snort.conf
Good course , but the audio level is really low.
which app do you use for storing notes
Obsidian
Can I ask what the notepad are you using?
I want to put notes in somewhere and looking for suitable note pad.
The same question :) can you find an answer ?
@@FunnyAnimals-ko8zz it's obsidian ;)
@@techskyrocket4101 Thanks Bro :)
Which snort mode works similar to NIPS mode? NBA
full-blown - baselining
Could anybody help me with the Task 4 Question 1 is the only question I'm missing, tried a lot of combinations with -V but no success
Answer: 149, type sudo snort -v
@@VeNoM____ thanks bro!!
❤
According to the official description of the snort, what kind of NIPS is it -> full-blown😉
Are you sharing your notes that you have saved?
i mean your notes library?
Hello, online access to notes is part of channel membership
ua-cam.com/channels/NSdU_1ehXtGclimTVckHmQ.htmljoin
can you provide the access to your notes?
Once you are subscribed to channel membership, you wil able to access sys admin notes for Linux and Windows.
You can also subscribe from here
www.buymeacoffee.com/notescatalog/membership
it is NBA
whats -dev means in sudo snort -dev -K ASCII -l .
Could you please specify at which minute:second in the video?
34:22 sudo snort -dev - K ASCII -l . @@MotasemHamdan your explanation is very nice man,god bless you,thank you.
19:45
Two missing answers are NBA and full-blown
Great video but dude turn off that alert noises that come up throughout the entire video. It scared me to death!
NPA , full-blown
Hi Motasem, v lovely videos and explanations thank u.
I would like to connect with you regarding some 1:1 coaching for blue team studies. Kindly let me know ur email/id etc or whatsapp plz
Thank u 🙏🏾