Learn how Snort collects IDS and IPS data. Jungwoo shows what IDS/IPS data looks like and how to interpret it.
- [Instructor] Snort is a popular solution for both intrusion protection and prevention. It can even run in a packet sniffer mode when its detection and prevention capabilities are turned off. When running it in its sniffer mode, Snort can store the captured packets in the pcap format. As an intrusion detection and prevention system, Snort can either generate a log file or forward its alerts to log servers such as syslog-ng. Whether they're stored in a file or forwarded, the Snort alerts have the following basic format.

The first number in the square brackets is the generator ID, showing which part of Snort created the alert. The second number is the signature ID, tied to a Snort rule activating the alert. The third number is the revision ID, used to tell how many revisions have been made since the Snort rule was created. You can also record packet header information that triggered the alert, which contains information such as timestamp, source IP and port, and destination IP and port, as shown here.
Snort offers various other output methods…
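The alert layout the instructor describes (a `[generator:signature:revision]` triple, followed by the packet header fields) is what Snort's "fast" alert output writes, one alert per line. The parser below is an added example written for this page, not code from the course or from the Snort project. It assumes the fast-alert line shape `MM/DD-HH:MM:SS.micro [**] [gid:sid:rev] message [**] [Classification: ...] [Priority: N] {PROTO} src:port -> dst:port`; the sample lines, rule messages and IP addresses are constructed, and the generator-name table is a small subset of well-known Snort generator IDs.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample log: three fast-format alerts plus one junk line, so the
# parser's "unparsed line" path is exercised. Addresses are RFC 5737 test ranges.
SAMPLE_ALERTS = """\
03/14-10:22:31.123456 [**] [1:1000001:2] LOCAL example web rule [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:51234 -> 203.0.113.5:80
03/14-10:22:35.000001 [**] [116:56:1] (snort_decoder) example decoder warning [**] [Priority: 3] {TCP} 192.0.2.11:40000 -> 203.0.113.5:443
03/14-10:22:40.500000 [**] [1:2000002:1] LOCAL example ICMP echo [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.12 -> 203.0.113.5
this line is not a snort alert
"""

# Well-known generator IDs (subset): 1 is the rules engine, 116 the packet
# decoder, 122 the portscan preprocessor. Anything else is reported as unknown.
GENERATOR_NAMES: Dict[int, str] = {1: "rules engine", 116: "decoder", 122: "portscan"}

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# One regex for the whole fast-alert line. Classification and Priority are
# optional (decoder alerts often lack a classification); ports are optional
# because ICMP alerts carry bare addresses.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}(?:/\d{2,4})?-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s+(?P<cls>[^\]]+)\])?"
    r"(?:\s+\[Priority:\s+(?P<prio>\d+)\])?"
    r"\s+\{(?P<proto>[A-Z0-9]+)\}\s+"
    rf"(?P<src>{IPV4})(?::(?P<sport>\d+))?\s+->\s+"
    rf"(?P<dst>{IPV4})(?::(?P<dport>\d+))?\s*$"
)


@dataclass(frozen=True)
class SnortAlert:
    timestamp: str
    gid: int          # generator ID: which Snort component raised the alert
    sid: int          # signature ID: which rule (or preprocessor event) fired
    rev: int          # revision of that rule
    message: str
    classification: Optional[str]
    priority: Optional[int]
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


def generator_name(gid: int) -> str:
    """Human-readable name for a generator ID, or 'unknown' if not in the table."""
    return GENERATOR_NAMES.get(gid, "unknown")


def parse_alert(line: str) -> Optional[SnortAlert]:
    """Parse one fast-format alert line; return None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    to_int = lambda v: int(v) if v is not None else None
    return SnortAlert(
        timestamp=m["ts"], gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
        message=m["msg"], classification=m["cls"], priority=to_int(m["prio"]),
        proto=m["proto"], src=m["src"], sport=to_int(m["sport"]),
        dst=m["dst"], dport=to_int(m["dport"]),
    )


def parse_alert_log(lines: List[str]) -> Tuple[List[SnortAlert], List[str]]:
    """Parse a whole log; return (parsed alerts, lines that did not parse)."""
    alerts, unparsed = [], []
    for line in lines:
        if not line.strip():
            continue
        alert = parse_alert(line)
        (alerts if alert else unparsed).append(alert or line)
    return alerts, unparsed


def count_by_signature(alerts: List[SnortAlert]) -> Counter:
    """Count alerts per (gid, sid, rev) triple, the natural key for triage."""
    return Counter((a.gid, a.sid, a.rev) for a in alerts)


if __name__ == "__main__":
    parsed, bad = parse_alert_log(SAMPLE_ALERTS.splitlines())
    for a in parsed:
        ports = f"{a.src}:{a.sport} -> {a.dst}:{a.dport}" if a.sport else f"{a.src} -> {a.dst}"
        print(f"{a.timestamp} gid={a.gid} ({generator_name(a.gid)}) sid={a.sid} rev={a.rev} {a.proto} {ports}")
    print("per-signature counts:", dict(count_by_signature(parsed)))
    print("unparsed lines:", bad)
```

Keeping unparsed lines separate rather than silently dropping them matters in practice: a sudden rise in lines that fail to parse usually means the output format changed (a new Snort version, a different `output` plugin, or a syslog forwarder that rewrote the line), not that alerts stopped.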