Network Monitoring with Snort

One of the keys to any type of security is knowledge. To keep a network secure, you must know about security in general, but you must also be aware of the environment in which your computers operate.

For example, any computer that’s connected directly to the Internet is likely to see several unauthorized access attempts per day from outside the local network. Indeed, there may even be suspicious activity from within your local network, either from disgruntled insiders or from a successful outside intrusion or infection. If you’re to effectively guard against intrusions, it’s helpful to be aware of them. Even if you don’t respond to every probe (a monumental and unrewarding task), changes in the patterns of attack may be important: Changes may tip you off to new vulnerabilities and attack tools.

Network monitoring tools help you keep an eye on network attacks. Several network monitoring tools are available, but this month, let’s focus on just one: Snort (http://www.snort.org). Snort is a very powerful system for monitoring network traffic. It can be used in one of two ways:

  • As a packet sniffer. Snort can echo network packets, or parts of them, to the screen or to a log file you specify. Used as a packet sniffer, Snort can be useful for network diagnostics — say, to verify that packets are actually reaching a target computer.
  • As a network intrusion detection system (NIDS). Snort supports powerful rules for interpreting network traffic. You can create a…
