Port Scanning, Intrusion Detections, and Packet Analysis by Using Nmap, Snort and Wireshark

Motivated by the following article, http://faculty.scf.edu/bodeJ/CIS2352/NMAP%20Detection%20and%20Countermeasures.pdf, I set up a virtual lab to see how the different types of Nmap scans look from the packet and IDS perspectives.

Kali Linux is the attacker machine: it runs Nmap for the scanning activities and captures the traffic with Wireshark. Snort is installed on an Ubuntu 12 LTS Server as the IDS, with the portscan preprocessor enabled and its log written to /var/log/snort/portscan.log. Metasploitable Linux is the victim machine.

The portscan detection configuration in Snort:

    # Portscan detection.  For more information, see README.sfportscan
    preprocessor sfportscan: proto { all } \
        memcap { 10000000 } \
        sense_level { medium } \
        logfile { /var/log/snort/portscan.log }

Configuration of my virtual lab:

    Kali Linux               Snort IDS                Metasploitable Linux
    [192.168.197.209]  --->  [192.168.197.217]  --->  [192.168.197.216]