Install an IDS system to a Windows VM


This section covers installing an IDS (Snort) on a Windows VM, capturing network traffic from the Snort command line with WinPcap providing the packet capture, saving that traffic, and locating an HTTP stream in the saved capture. The stream was located with the Wireshark display filter data.data contains "<URL>" and then opened with Follow TCP Stream; the Conversation Filter option can also come in handy in a situation like this. There is currently no automated way to locate TCP streams in which a given string appears somewhere inside the stream, because Wireshark offers no two-step filtering (find packets by content, then select their whole streams) yet.



Capture a network traffic using Snort command

After installing WinPcap and a BackTrack VM, which already ships with Snort, the Snort configuration file was modified as instructed. Snort was then run in sniffer mode to capture traffic, and Wireshark was used to inspect the captured packets.

(Screenshots of the Snort sniffer-mode output were shown here.)

Save this traffic:

An error was thrown when the capture was saved in ASCII logging mode, so the files were saved as Unicode instead. The packets were then logged in tcpdump (binary) format using the -b option, and the resulting log file was read back either with Snort's -r option or with Wireshark. Reading the log back proved to be a challenge, but it was worth it.





Locate the HTTP stream

The stream was located with the display filter data.data contains "<URL>" and then opened with Follow TCP Stream. The Conversation Filter option can also come in handy in a situation like this.




Searching and reading the manuals showed that there is currently no automated way in Wireshark to locate TCP streams in which a given string appears somewhere inside the stream, because no two-step filtering (find packets by content, then select their whole streams) is available yet.
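The following Python script is an added example and is not code from the original report. It serves two of the steps above: the "Save this traffic" step, because it writes and reads the tcpdump/pcap format that Snort's -b option produces and -r reads back, and the stream-location problem, because it does what the manual Wireshark workflow (data.data contains "<URL>", then Follow TCP Stream) cannot do in one step: it groups TCP payload by connection and returns every stream whose reassembled data contains the search string, including strings split across two segments that a per-packet contains filter would miss. The sample frames, IP addresses, ports and HTTP request are constructed for the example; the reassembly is a deliberate simplification that concatenates payload in capture order without sequence-number reordering.

```python
import struct
from collections import defaultdict


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Build a minimal Ethernet/IPv4/TCP frame (checksums left zero; fine for offline parsing)."""
    eth = b"\x00" * 6 + b"\x11" * 6 + b"\x08\x00"          # dst MAC, src MAC, EtherType IPv4
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)  # PSH|ACK
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Serialise frames as a classic little-endian pcap file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Return the raw frames of a pcap byte string, honouring the magic's byte order."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"                                       # written by a big-endian host
    else:
        raise ValueError("not a pcap file (magic %#x)" % magic)
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (DLT 1) captures are handled")
    frames, off = [], 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frames.append(data[off:off + incl_len])
        off += incl_len
    return frames


def tcp_payload(frame):
    """Return ((src, sport), (dst, dport), payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:                                         # not TCP
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return (src, sport), (dst, dport), tcp[data_off:]


def tcp_streams(pcap_bytes):
    """Group TCP payload by connection, both directions together, in capture order.
    Simplification: no sequence-number reordering or retransmission handling."""
    streams = defaultdict(bytearray)
    for frame in parse_pcap(pcap_bytes):
        parsed = tcp_payload(frame)
        if parsed is None:
            continue
        a, b, payload = parsed
        streams[tuple(sorted([a, b]))] += payload           # same key for either direction
    return dict(streams)


def find_streams(pcap_bytes, needle):
    """Streams whose reassembled data contains needle: the automated form of
    'data.data contains' followed by Follow TCP Stream."""
    if isinstance(needle, str):
        needle = needle.encode()
    return [(key, bytes(data)) for key, data in tcp_streams(pcap_bytes).items() if needle in data]


# Constructed sample traffic (not from the original report): one HTTP request split
# across two segments, the server's reply, and an unrelated SSH connection.
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "93.184.216.34", 49152, 80, b"GET /index.html HTTP/1.1\r\n"),
    build_frame("10.0.0.5", "93.184.216.34", 49152, 80, b"Host: www.example.com\r\n\r\n"),
    build_frame("93.184.216.34", "10.0.0.5", 80, 49152, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
    build_frame("10.0.0.5", "10.0.0.9", 49153, 22, b"SSH-2.0-OpenSSH\r\n"),
]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)

if __name__ == "__main__":
    with open("sample.pcap", "wb") as f:                   # readable with: snort -r sample.pcap, or Wireshark
        f.write(SAMPLE_PCAP)
    for key, data in find_streams(SAMPLE_PCAP, "www.example.com"):
        print(key)
        print(data.decode(errors="replace"))
```

The file written by the script opens in Wireshark and loads with snort -r, since both read the same tcpdump format that snort -b writes. The search runs over the whole reassembled stream, so a URL whose bytes straddle two TCP segments is still found, which is exactly the case a per-packet data.data contains filter cannot catch.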

Running the example and implementing the IDS, WinPcap and VM: