linux distro and snort

Posted on 2009-04-21
Last Modified: 2013-12-16
I am a semi-newb to Linux and, given the circumstances right now (being out of a job), I am taking the time to heighten my skill set. I have a BS in system security, so I am going to concentrate on that aspect. I have been playing with Ubuntu 8.04, which I see is more stable than 8.10; after the upgrade there are known issues with network settings, so I am going back to 8.04. But my question is: I really want to make an IDS using Snort or some other tool to monitor traffic on my home network. I have this PC, a 2gig P4 with 1gig of RAM and a 40gig drive, and it works great. I want to learn more about packet capturing using Snort or some other tool. What I am finding is that there are guides on how to install Snort, but there are a lot of variables that are not correct, so I have to figure out the parameters myself, which is not easy sometimes. Is there a complete guide to using Snort or some other tool that is step-by-step, baby steps, being used on a Linux distro that goes hand in hand?
Question by: scripttron75
LVL 13

Accepted Solution

There isn't really a specific distribution that works with Snort, as this is the whole point of it being source code. You should be able to compile and run Snort on any system that supports compiling with gcc.

I know it isn't the definitive or simple answer you are looking for, but I would start with and particularly the IDS Deployment Guides.
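Since the question's main obstacle is guides whose Snort variables do not match, here is an added example (not from this thread or from the Snort project) that checks a Snort 2.x style snort.conf and local rules file for $VARIABLE references that were never defined with var/ipvar/portvar. The config, the rules and the 192.168.1.0/24 LAN are constructed placeholders.

```python
"""Check the variable problem the question describes: Snort 2.x configs and
rules refer to $HOME_NET, $EXTERNAL_NET, $RULE_PATH and so on, and a guide
copied with a wrong or missing definition fails at start-up.
Added example, not from the thread; the samples below are constructed."""
import re

# Constructed sample: a minimal snort.conf for a wired home sensor.
# Assumption: the home LAN is 192.168.1.0/24 (placeholder, adjust to yours).
SAMPLE_CONF = """\
ipvar HOME_NET 192.168.1.0/24
ipvar EXTERNAL_NET !$HOME_NET
portvar HTTP_PORTS [80,8080]
var RULE_PATH /etc/snort/rules
include $RULE_PATH/local.rules
"""

# Constructed sample: two local rules; the second one references a port
# variable ($SSH_PORTS) that the config above never defines.
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"telnet to LAN host"; sid:1000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $SSH_PORTS (msg:"ssh out"; sid:1000002; rev:1;)
"""

DEF_RE = re.compile(r"^\s*(?:ipvar|portvar|var)\s+(\w+)\s+(\S.*)$", re.M)
REF_RE = re.compile(r"\$(\w+)")

def defined_vars(conf: str) -> dict:
    """Map each var/ipvar/portvar name to its value (last definition wins)."""
    return {name: value.strip() for name, value in DEF_RE.findall(conf)}

def undefined_refs(conf: str, rules: str) -> set:
    """Names referenced as $NAME in the config or rules but never defined."""
    defined = set(defined_vars(conf))
    refs = set(REF_RE.findall(conf)) | set(REF_RE.findall(rules))
    return refs - defined

def check(conf: str, rules: str) -> list:
    """Return human-readable problems; an empty list means the variables resolve."""
    problems = [f"undefined variable ${name}" for name in sorted(undefined_refs(conf, rules))]
    home = defined_vars(conf).get("HOME_NET", "any")
    if home == "any":
        problems.append("HOME_NET is 'any'; direction-based rules cannot tell LAN from outside")
    return problems

if __name__ == "__main__":
    for line in check(SAMPLE_CONF, SAMPLE_RULES):
        print("problem:", line)
```

Run it against your own snort.conf and rules files by reading them into the two strings; a clean result is the point at which `snort -T -c snort.conf` is worth trying.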
LVL 7

Expert Comment

Taken an eyeball at the Linux live CDs yet?

Makes life a lot simpler: you can find what tools you need, then build your own distro when you are familiar with the tools...

The biggest issue with Snort, and any other wifi sniffing, is you need to force your wifi card into anonymous mode... This is the single hardest step...

Most default drivers that come with standard Linux flavors (Ubuntu, Fedora) will not go into anonymous mode...

i.e.: For Intel-based cards I use:

service network stop          # stop the network service so it does not reclaim the interface
service NetworkManager stop   # stop NetworkManager for the same reason
modprobe -r iwl3945           # unload the stock Intel iwl3945 driver module
modprobe ipwraw               # load the ipwraw driver module in its place

The ipwraw driver is the hacked Intel driver that allows anonymous packet sniffing...

Here's a write-up I did once upon a time:

Author Comment

I don't want a live CD; I am using a Compaq PC with Linux installed on it. I am not using wireless either, just straight Ethernet tapped into my home network.
