scripttron75 asked:
Linux distro and Snort

I am a semi-newb to Linux and, given the circumstances right now (being out of a job), I am taking the time to heighten my skill set. I have a BS in system security, so I am going to concentrate on that aspect. I have been playing with Ubuntu 8.04, which I see is more stable than 8.10; after the upgrade there are known issues with network settings, so I am going back to 8.04. But my question is: I really want to make an IDS using Snort or some other tool to monitor traffic on my home network. I have this PC, a 2 GHz P4 with 1 GB of RAM and a 40 GB drive; it works great. I want to learn more about packet capturing using Snort or some other tool. What I am finding is that there are guides on how to install Snort, but there are a lot of variables that are not correct, so I have to figure out the parameters myself, which is not easy sometimes. Is there a complete guide to using Snort or some other tool, step by step, baby steps, on a Linux distro that goes hand in hand with it?
ASKER CERTIFIED SOLUTION
WizRd-Linux
computerfixins:

Taken an eyeball at the Linux live CDs yet?

Makes life a lot simpler; you can find what tools you need, then build your own distro when you are familiar with the tools...

http://www.darknet.org.uk/2006/03/10-best-security-live-cd-distros-pen-test-forensics-recovery/

The biggest issue with Snort, and any other wifi sniffing, is that you need to force your wifi card into anonymous mode...  This is the single hardest step...

Most default drivers that come with standard Linux flavors (Ubuntu, Fedora) will not go into anonymous mode...

i.e.: For Intel-based cards I use:

service network stop
service NetworkManager stop
modprobe -r iwl3945
modprobe ipwraw

The ipwraw driver is the hacked Intel driver that allows anonymous packet sniffing...

Here's a write-up I did once upon a time:

http://forums.extremeoverclocking.com/showthread.php?t=307813
scripttron75 (ASKER):

I don't want a live CD; I am using a Compaq PC with Linux installed on it. I am not using wireless either, just straight Ethernet tapped into my home network.
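The asker wants baby steps toward understanding what Snort actually does with the packets it captures on a wired network. The following Python is an added example, not code from any poster in this thread or from the Snort project: it decodes a small pcap capture and checks each packet against two Snort-style rules (a destination port plus an optional `content:` string). The pcap, the addresses and the rule sids are constructed for the demonstration; a real capture written by `tcpdump -w capture.pcap` on the Ethernet interface is in the same classic pcap format and can be fed to `scan_pcap` unchanged. The decoder trusts the IP total-length field rather than the frame length, so Ethernet minimum-frame padding does not end up in the payload being matched.

```python
"""Toy Snort-style signature check over a constructed pcap (added example)."""
import struct
from typing import Iterator, List, Optional

# Two rules in the spirit of
#   alert tcp any any -> any 80 (msg:"HTTP GET request"; content:"GET /"; sid:1000001;)
# The sids are placeholders in Snort's local-rule range (>= 1000000), chosen for this example.
RULES = [
    {"dport": 80, "content": b"GET /", "msg": "HTTP GET request", "sid": 1000001},
    {"dport": 23, "content": None, "msg": "Telnet traffic", "sid": 1000002},
]


def build_packet(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct an Ethernet/IPv4/TCP frame. Checksums are left zero: this is sample input."""
    eth = b"\x00" * 6 + b"\x00" * 6 + b"\x08\x00"              # dst MAC, src MAC, EtherType IPv4
    total_len = 20 + 20 + len(payload)                          # IPv4 header + TCP header + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)  # PSH|ACK
    return eth + ip + tcp + payload


def build_pcap(frames: List[bytes]) -> bytes:
    """Wrap frames in a classic little-endian pcap file (magic 0xa1b2c3d4, link type Ethernet)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = b"".join(
        struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f for i, f in enumerate(frames)
    )
    return header + records


def iter_frames(pcap: bytes) -> Iterator[bytes]:
    """Yield the link-layer frames stored in a classic pcap byte string."""
    (magic,) = struct.unpack("<I", pcap[:4])
    if magic != 0xA1B2C3D4:
        raise ValueError("unsupported pcap magic (only classic little-endian pcap handled here)")
    off = 24                                                    # skip the global header
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack("<IIII", pcap[off:off + 16])
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def decode(frame: bytes) -> Optional[dict]:
    """Decode Ethernet/IPv4/TCP; return None for anything the toy decoder does not handle."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[14] >> 4 != 4 or ihl < 20 or len(frame) < 14 + ihl + 20:
        return None
    ip = frame[14:14 + ihl]
    if ip[9] != 6:                                              # protocol field: 6 = TCP
        return None
    (total_len,) = struct.unpack("!H", ip[2:4])
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    tcp = frame[14 + ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4                                   # TCP data offset in bytes
    if doff < 20 or len(tcp) < doff:
        return None
    # Use the IP total length, not the frame length, so link-layer padding is not matched on.
    seg_len = min(total_len - ihl, len(tcp))
    return {"src": src, "dst": dst, "sport": sport, "dport": dport, "payload": tcp[doff:seg_len]}


def match_rules(pkt: dict, rules: List[dict] = RULES) -> List[dict]:
    """Return every rule whose port and content constraints the decoded packet satisfies."""
    hits = []
    for rule in rules:
        if rule["dport"] != pkt["dport"]:
            continue
        if rule["content"] is not None and rule["content"] not in pkt["payload"]:
            continue
        hits.append(rule)
    return hits


def scan_pcap(pcap: bytes, rules: List[dict] = RULES) -> List[tuple]:
    """Run every decodable packet through the rules; return (sid, msg, src, dst, dport) alerts."""
    alerts = []
    for frame in iter_frames(pcap):
        pkt = decode(frame)
        if pkt is None:
            continue
        for rule in match_rules(pkt, rules):
            alerts.append((rule["sid"], rule["msg"], pkt["src"], pkt["dst"], pkt["dport"]))
    return alerts


# Constructed capture: private LAN host talking to TEST-NET (192.0.2.0/24) and LAN addresses.
SAMPLE_PCAP = build_pcap([
    build_packet("192.168.1.10", "192.0.2.80", 40000, 80, b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"),
    build_packet("192.168.1.10", "192.168.1.1", 40001, 23, b"\xff\xfd\x18"),
    build_packet("192.168.1.10", "192.168.1.20", 40002, 443, b"\x16\x03\x01"),
    build_packet("192.168.1.10", "192.0.2.80", 40003, 80, b"POST /login HTTP/1.1\r\n"),
])

if __name__ == "__main__":
    for sid, msg, src, dst, dport in scan_pcap(SAMPLE_PCAP):
        print("[sid:%d] %s  %s -> %s:%d" % (sid, msg, src, dst, dport))
```

Only the first two constructed packets produce alerts: the TLS packet matches no rule, and the POST to port 80 fails the `content:"GET /"` check even though the port matches, which is the same port-then-payload evaluation order a Snort rule goes through.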