Snort Installation, Config, and Rule Creation on Kali Linux 2.0

Published Feb 21, 2016
Channel Jesse K


Please check out my Udemy courses! Coupon code applied to the following links:

https://www.udemy.com/hands-on-penetration-testing-labs-30/?couponCode=NINE99
https://www.udemy.com/hands-on-penetration-testing-labs-20/?couponCode=NINE99
https://www.udemy.com/kali-linux-web-app-pentesting-labs/?couponCode=NINE99
https://www.udemy.com/kali-linux-hands-on-penetration-testing-labs/?couponCode=NINE99
https://www.udemy.com/network-security-analysis-using-wireshark-snort-and-so/?couponCode=NINE99
https://www.udemy.com/snort-intrusion-detection-rule-writing-and-pcap-analysis/?couponCode=NINE99

Description: This video covers how to install Snort, edit the configuration file, create custom Snort rules, and analyze a PCAP with malicious Neutrino exploit kit activity.

The following are the commands I used during the video:

apt-get install snort
(This command installs Snort. If you are not root, type sudo apt-get install snort.)

ifconfig
(This shows the configuration of your local network interface.)

touch /etc/snort/rules/custom.rules
(This creates a rule file.)

vi /etc/snort/snort.conf
(This opens the Snort configuration file in the Vi text editor.)

mkdir log
(This creates a directory named log.)

snort -l ./log -b -c /etc/snort/snort.conf
(This runs Snort in NIDS mode.)

alert tcp any any -> any any (msg:"Possible Neutrino Exploit kit infection."; content:"vclphjybj.ioxbpjgtqvwqfzmwhn.ga"; classtype:trojan-activity; sid:999995; rev:1;)
(Snort rule in video. Pointy brackets aren't allowed in the YouTube description, so the greater than symbol of the -> operator after "any any" was spelled out there.)

snort -l ./log -b -c /etc/snort/snort.conf -r (pcap name)
(This reads a PCAP and compares it against Snort rules.)
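The rule above only loads if it reaches custom.rules with straight ASCII quotes and a literal -> operator, both of which are easily lost when copying from a video description. The following is an added example, not part of the video or its description: a small Python linter for a single Snort 2.x rule line. The function name lint_rule, the problem codes and the PASTED sample are constructed for illustration; the SID check reflects the Snort manual's convention that local rules use SIDs of 1,000,000 and above.

```python
import re

# Constructed input: the rule as it might paste from a description field (curly
# quotes, "->" reduced to "-"), and the same rule with both repaired.
PASTED = ('alert tcp any any - any any (msg:\u201cPossible Neutrino Exploit kit '
          'infection.\u201d; content:\u201dvclphjybj.ioxbpjgtqvwqfzmwhn.ga\u201d; '
          'classtype:trojan-activity; sid:999995; rev:1;)')
FIXED = ('alert tcp any any -> any any (msg:"Possible Neutrino Exploit kit '
         'infection."; content:"vclphjybj.ioxbpjgtqvwqfzmwhn.ga"; '
         'classtype:trojan-activity; sid:999995; rev:1;)')

# action proto src sport direction dst dport (options)
HEADER = re.compile(r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$')
# keyword[:value];  where value is a quoted string or anything up to ';'
OPTION = re.compile(r'(\w+)\s*(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?\s*;')

def lint_rule(rule):
    """Return a list of problem codes for one Snort 2.x rule line."""
    problems = []
    if re.search('[\u201c\u201d\u2018\u2019]', rule):
        problems.append('curly-quotes')        # option values need ASCII "
    m = HEADER.match(rule.strip())
    if not m:
        return problems + ['bad-header']
    direction, body = m.group(5), m.group(8)
    if direction not in ('->', '<>'):
        problems.append('bad-direction')
    opts = dict(OPTION.findall(body))
    for key in ('msg', 'content'):
        value = opts.get(key, '')
        if key in opts and not (len(value) >= 2 and value[0] == value[-1] == '"'):
            problems.append('unquoted-' + key)
    for key in ('msg', 'sid'):
        if key not in opts:
            problems.append('missing-' + key)
    sid = opts.get('sid', '').strip()
    if sid.isdigit() and int(sid) < 1000000:
        # Snort manual: SIDs below 1,000,000 are reserved; local rules use >= 1,000,000
        problems.append('sid-reserved-range')
    return problems

if __name__ == '__main__':
    for name, rule in (('pasted', PASTED), ('fixed', FIXED)):
        print(name, lint_rule(rule) or 'ok')
```

The repaired rule still reports sid-reserved-range because 999995 falls below the range the Snort manual sets aside for local rules; a SID of 1,000,000 or higher clears it.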