  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 613

Linux distro and Snort

I am a semi-newb to Linux and, given the circumstances right now, being out of a job, I am taking the time to heighten my skill set. I have a BS in system security, so I am going to concentrate on that aspect. I have been playing with Ubuntu 8.04, which I see is more stable than 8.10; after the upgrade there are known issues with network settings, so I am going back to 8.04. But my question is: I really want to make an IDS using Snort or some other tool to monitor traffic on my home network. I have this PC, a 2 gig P4 with 1 gig of RAM and a 40 gig drive; it works great. I want to learn more about packet capturing using Snort or some other tool. What I am finding is that there are guides on how to install Snort, but there are a lot of variables that are not correct, so I have to figure out the parameters myself, which is not easy sometimes. Is there a complete guide for using Snort or some other tool that is step by step, baby steps, being used on a Linux distro that goes hand in hand?
Asked: scripttron75
1 Solution
 
WizRd-Linux commented:
There isn't really a specific distribution that works with Snort, as this is the whole point of it being source code. You should be able to compile and run Snort on any system that supports gcc compiling.

I know it isn't the definitive or simple answer you are looking for, but I would start with http://snort.org/docs/ and particularly the IDS Deployment Guides.
 
computerfixins commented:
Taken an eyeball at the Linux live CDs yet?

Makes life a lot simpler; you can find what tools you need, then build your own distro when you are familiar with the tools...

http://www.darknet.org.uk/2006/03/10-best-security-live-cd-distros-pen-test-forensics-recovery/

The biggest issue with Snort, and any other wifi sniffing, is you need to force your wifi card into anonymous mode... This is the single hardest step...

Most default drivers that come with standard Linux flavors (Ubuntu, Fedora) will not go into anonymous mode...

i.e., for Intel-based cards I use:

service network stop
service NetworkManager stop
modprobe -r iwl3945
modprobe ipwraw

The ipwraw driver is the hacked Intel driver that allows anonymous packet sniffing...

Here's a write-up I did once upon a time:

http://forums.extremeoverclocking.com/showthread.php?t=307813
 
scripttron75 (Author) commented:
I don't want a live CD; I am using a Compaq PC with Linux installed on it. I am not using wireless either, just straight Ethernet tapped into my home network.
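For the wired setup the asker describes, the step that matters is putting the capture NIC into promiscuous mode and confirming the kernel actually honoured it before starting Snort. The script below is an added example, not code from the thread or from the Snort project; the interface name, log directory and snort.conf path are assumptions, and the Snort flags used are the standard sniffer-mode (-dev -l) and IDS-mode (-c, -A console) options.

```shell
#!/bin/sh
# Added example: prepare a wired NIC as a Snort capture interface and build
# the Snort command lines for sniffer and IDS mode. The interface name, log
# directory and config path are assumptions (placeholders in the usage line).

# Return success if an `ip link show <iface>` line lists the PROMISC flag.
# The flag words sit inside the <...> group on the first line of the output.
is_promisc() {
    printf '%s\n' "$1" | grep -q '<[^>]*PROMISC[^>]*>'
}

# Put a dedicated capture NIC into promiscuous mode with no address of its
# own, so it only listens. Needs root and iproute2; verifies the flag took.
prepare_capture_iface() {
    iface="$1"
    ip addr flush dev "$iface"
    ip link set dev "$iface" up promisc on
    is_promisc "$(ip link show dev "$iface" 2>/dev/null | head -n 1)"
}

# Sniffer/logger mode: -v prints headers, -d the payload, -e link-layer
# headers, -l writes packet logs to the directory. No rules are involved.
snort_sniff_cmd() {
    printf 'snort -i %s -dev -l %s' "$1" "$2"
}

# IDS mode: load the config with -c and print alerts to the terminal with
# -A console; this is the mode in which rules are applied.
snort_ids_cmd() {
    printf 'snort -c %s -i %s -A console' "$2" "$1"
}

if [ -n "$1" ]; then
    # Usage: sh snort-capture.sh eth0 /var/log/snort /etc/snort/snort.conf
    prepare_capture_iface "$1" || { echo "$1 is not in promiscuous mode" >&2; exit 1; }
    echo "Sniffer mode: $(snort_sniff_cmd "$1" "${2:-/var/log/snort}")"
    echo "IDS mode:     $(snort_ids_cmd "$1" "${3:-/etc/snort/snort.conf}")"
else
    # No interface given: exercise the check on a constructed ip(8) line.
    sample='2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 state UP'
    is_promisc "$sample" && echo "constructed sample reports PROMISC"
fi
```

If the PROMISC check fails on a real NIC, nothing Snort reports can be trusted to be complete, which is the wired equivalent of the driver problem computerfixins describes for wifi cards.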