7.5. Snort: A Popular NIDS
For the purpose of discussing how you set up an NIDS, we'll look at Snort, an open-source software project that has become one of the most popular of all NIDSs, even when compared with commercial products costing thousands of dollars. Snort isn't difficult to configure and use (in theory), but in reality avoiding false alarms is a constant challenge with any NIDS.
You can use Snort to sniff packets, log packets, and, of course, detect network intrusion. When sniffing packets, Snort simply displays those packets on the console. Logged packets are, of course, recorded on the hard drive. NIDS logging and alerting (matching and responding to suspect traffic) functions are based on configuring rules and responses.
By default, ...