
School of Computer Science and Engineering

CSE3502-ISM LAB EXERCISES


WINTER SEMESTER 2021-2022
Slot L51 + L52
Ex. 3: Installing and Configuring SNORT Intrusion Detection System

Step by Step Process:


1. Download SNORT from https://www.snort.org/downloads

2. Install npcap in your system

3. https://npcap.com/#:~:text=Downloading%20and%20Installing%20Npcap%20Free%20Edition&text=Simply%20run%20the%20executable%20installer,documented%20in%20the%20Npcap%20Changelog

4. Download the SNORT rules for the SNORT version you downloaded from the above website

5. Unzip the rules and replace the rule folder at C:\Snort\rules

6. Replace the rule folder at C:\Snort\preproc_rules

7. Open cmd and run ipconfig to find the IP address of the system: 198.168.29.82/24, subnet mask: 255.255.255.0

8. Go to the SNORT installed folder C:\Snort\etc and open snort.conf using Notepad++ or Notepad

9. Make the following changes in the snort.conf file

Modification #1

Modification #2
Modification #3

Modification #4

Modification #5

Modification #6

Modification #7
Go to C:\Snort\rules, find the file blacklist.rules and open it using Notepad++.
In this file, change BLACKLIST RULES to WHITELIST RULES and save the file
as whitelist.rules.

After this step, if you look in the rules folder in SNORT, you will find 2 files,
blacklist.rules and whitelist.rules

Modification #8: Change forward slash to backward slash

Add include $RULE_PATH\whitelist.rules at line 652

Modification #9: Remove # and Change forward slash to backward slash


Modification #10: Open local.rules in rules folder and add the following
rules to it.

Modification #11: Perform these changes in line 511 and 512

For testing SNORT:

Test the following commands. 1st cmd:


Result:

2nd cmd:

Result:

3rd cmd:

C:\Snort\bin> snort -i 1 -c C:\Snort\etc\snort.conf -A console

1. C:\Snort\bin>snort -W
2. C:\Snort\bin> snort -i 1 -c C:\Snort\etc\snort.conf -T
3. C:\Snort\bin> snort -i 1 -c C:\Snort\etc\snort.conf -A console
Corrections required
Find your IP address: if you are connected to Wi-Fi, open network properties

Open the config file and edit it

Give the IP address of the network you are connected to

10. Uncomment line 186

Save this file

Open CMD
1. C:\Snort\bin\snort -W
Try out the commands given below until you get a success status.

2. snort -i 4 -c C:\Snort\etc\snort.conf -T
snort -i 4 -c C:\Snort\etc\snort.conf -A console
3. snort -i 5 -c C:\Snort\etc\snort.conf -T
snort -i 5 -c C:\Snort\etc\snort.conf -A console
4. snort -i 6 -c C:\Snort\etc\snort.conf -T
snort -i 6 -c C:\Snort\etc\snort.conf -A console
5. snort -i 7 -c C:\Snort\etc\snort.conf -T
snort -i 7 -c C:\Snort\etc\snort.conf -A console
6. snort -i 8 -c C:\Snort\etc\snort.conf -T
snort -i 8 -c C:\Snort\etc\snort.conf -A console
7. snort -i 9 -c C:\Snort\etc\snort.conf -T
snort -i 9 -c C:\Snort\etc\snort.conf -A console
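
The trial-and-error sequence above can be scripted. The PowerShell below is an added example, not part of the original lab sheet: it checks the files and the include line this exercise sets up, then runs the -T test on each interface index until one passes. The 1..9 index range, the log file names, and the reliance on snort returning exit code 0 from a successful -T run are assumptions.

```powershell
# Added example: pre-flight check of the lab's Snort setup, then interface probing.
# Paths are the ones used in this exercise; the index range 1..9 is an assumption.
$SnortExe = 'C:\Snort\bin\snort.exe'
$Conf     = 'C:\Snort\etc\snort.conf'
$RulesDir = 'C:\Snort\rules'
$problems = @()

# 1. Files the exercise expects to exist once the modifications are done.
foreach ($f in @($SnortExe, $Conf, "$RulesDir\blacklist.rules",
                 "$RulesDir\whitelist.rules", "$RulesDir\local.rules")) {
    if (-not (Test-Path -LiteralPath $f)) { $problems += "missing file: $f" }
}

# 2. Inspect only active (uncommented) lines of snort.conf.
if (Test-Path -LiteralPath $Conf) {
    $active = @(Get-Content -LiteralPath $Conf | Where-Object { $_ -notmatch '^\s*#' })
    # Modification #8: whitelist.rules must be included with a backslash path.
    if (-not @($active -match '^\s*include\s+\$RULE_PATH\\whitelist\.rules')) {
        $problems += 'no active "include $RULE_PATH\whitelist.rules" line'
    }
    # Include lines that still carry a forward slash after a $VARIABLE.
    foreach ($line in @($active -match '^\s*include\s+\$\w+/')) {
        $problems += "forward slash still in: $($line.Trim())"
    }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    # 3. Run the configuration test on each index until one succeeds.
    $found = $null
    foreach ($i in 1..9) {
        $log = Join-Path $env:TEMP "snort-T-if$i.log"
        & $SnortExe -i $i -c $Conf -T *> $log      # keep full output for review
        if ($LASTEXITCODE -eq 0) { $found = $i; break }
        Write-Output "Interface $i failed (exit code $LASTEXITCODE), see $log"
    }
    if ($found) {
        Write-Output "Interface $found passed -T. Next command:"
        Write-Output "  snort -i $found -c $Conf -A console"
    } else {
        Write-Warning 'No index in 1..9 passed; compare against the snort -W list.'
    }
}
```

The per-interface log files hold the full -T output, so the first fatal error in snort.conf can be read there instead of scrolling the console.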
Final results are shown in the screenshots below

Some more commands to try

snort -i 5 -c C:\Snort\etc\snort.conf -v
snort -i 5 -c C:\Snort\etc\snort.conf -A console -v
snort -i 5 -c C:\Snort\etc\snort.conf -A console -vd
snort -i 5 -c C:\Snort\etc\snort.conf -A console -d -v -e
