Installing Snort on Linux

Installing Snort on Linux Step By Step

Step 1:-Open Kali And Open Terminal. 

Step 2:- In Terminal Write Below Command.

         sudo apt-get Install snort

This Command Will Install Snort In Your System.

It Will Ask You That You Want To Continue Or Not. Type "Y" To Continue.


 After Run this Command "Snort Configuration Page" Will Open.

Replace You IP Address And Subnet Mask of Your Device. In My Case IP Address "192.168.0.101". And Subnet Mask "24", And Then Click On "Ok".

        

 

Step 3:- In Terminal Write Below Command. 

        touch /etc/snort/rules/custom.rules

This Command Will Create "Custom.rules" File In Side Rules Dictionary.

After that go to /etc/snort/rules/ Folder And Write Below Command To Open "Custom.rules" File.

        vi custom.rules

You Can Write Your Custom Rules In This File, I Used Below Rule.

"alert tcp any any -> $HOME_NET 80 (flags: S; msg:"Possible DoS Attack    Type : SYNflood"; flow:stateless; sid:3; detection_filter:track by_dst, count 20, seconds 10;)"

 


Step 4:- Go to /etc/snort/ Directory, And Then Run Below Command To Open Default Snort Configuration File..

       vi snort.conf

Step 8: "snort.conf" File Will Open.

Add System IP Address And Subnet Mask On Place Of Any

"ipvar HOME_NET 192.168.0.100/24 (ip/subnet mask)"

        

Add Your Custom Rule File Using Following Command.
"include $RULE_PATH/custom.rules"


Step 5:- Create New Directory In Side Your Root Directory.

        mkdir log
 


Step 6:- Write Below Command.

        snort -l ./log -b -c /etc/snort/snort.conf

This Command "Save All Logs" Into The Log File.



Step 7:- You Can Write Following Command. 

snort (This Command Capture All The Network Packages )

snort -X -i eth0 (This Command Capture All The Packet Of Network Source Of eth0)




Comments

Post a Comment

Popular posts from this blog

OSINT Tool in Termux

Image
The Instagram OSINT Tool gets a range of information from an Instagram account that you normally wouldn't be able to get from just looking at their profile The information includes: [ profile ] : user id, followers / following, number of uploads, profile img URL, business enum, external URL, joined Recently, etc [ tags & mentions ] : most used hashtags and mentioned accounts [ email ] : if any email is used any where it'll be displayed [ posts ] : accessability caption, location, timestamp, caption, picture url, etc ( yet not working correctly with posts instagram marks as 'sensitive cotent' ) How To Install apt update && upgrade -y Pkg install git pkg install python3 git clone https://github.com/th3unkn0n/osi.ig.git && cd osi.ig python3 -m pip install -r requirements.txt Usage python3 main.py -u username
Read more

Active Directory Ransomware Attacks

Image
    Organizations worldwide use Active Directory (AD) as their primary identity service , which makes it a top target for ransomware attacks . This article explains how adversaries exploit Active Directory during ransomware attacks and provides strategies and tools for defending against this modern menace. The two phases of a ransomware attack A common misconception about ransomware attacks is that they are quick: Someone opens an infected email attachment or inserts an infected USB device , and within minutes data across the network is encrypted and a ransom demand is displayed on every screen . The reality is quite different. Ransomware attacks today tend to be quite sophisticated and methodical . To encrypt as much sensitive information as possible and therefore maximize the chances of receiving a high payout , attackers proceed in two phases: Find an entry point — The first step is to gain a foothold in the victim organization ’s network . One common strategy is to comp...
Read more

Colt Telecom Hit by WarLock Ransomware: SharePoint Zero Day Used for Mass Data Theft

Image
  What Happened On August 12, 2025 , Colt Technology Services—a UK-based telecom giant—experienced a cyberattack that disrupted several internal support services, impacting systems like Colt Online, porting, and Voice API platforms, while core network services remained unaffected. Who Claimed Responsibility A threat actor using the handle "cnkjasdfgd," claiming to represent the WarLock ransomware group , offered 1 million stolen documents for US$200,000 , providing sample files to prove their legitimacy. Made Possible By The attackers exploited a critical zero-day vulnerability in on-premises Microsoft SharePoint (CVE‑2025‑53770), which was publicly patched on July 21, 2025. Technical Breakdown (“ToolShell” Exploit Chain) Attackers used a sophisticated exploit chain now dubbed ToolShell , involving multiple steps: 1. Initial Access – Bypassing Authentication A crafted HTTP POST to the /_layouts/15/ToolPane.aspx endpoint with a spoofed Referer header (/_layo...
Read more