>> I've opened up a Windows command line interface as administrator
and navigated to the C snort bin directory.
Let's type snort dash H. We'll pipe it to more to see the Snort help.
In this demo, we're going to use dash D, dump the application layer.
Dash E, display the second layer header info.
Dash I, listen on interface.
Dash V, be verbose.
And dash uppercase W, list available interfaces.
We're going to use snort in sniffer mode to capture packets
from the network and send output to the console.
Snort dash uppercase W shows us a list of interfaces to choose from.
I'm going to pick interface three.
Snort dash V dash I3.
We'll start snort with verbose output from interface three.
"No preprocessors configured for policy 0" is just a warning.
We'll enable preprocessors later.
I'm going to open up another Windows command line interface.
Observe the captured packets.
We're going to send a continuous ping to the Google public DNS server.
Notice the information being displayed by snort.
We're going to press control C to stop and analyze the results.
This time we'll add the D option to dump the application layer data.
Our continuous ping is still going.
Notice the letters of the alphabet, the 32 bytes of data sent by Windows in an ICMP echo request.
This time we'll run it with the E option, which is used to display the second layer header info.
Our continuous ping is still going.
Notice the MAC addresses and other layer two information displayed.
Snort Packet Logger Mode
>> With our continuous ping still running, let's use the L option, log to directory, to run Snort in packet logger mode.
We're also going to open up a browser and go to www.rit.edu.
Let's stop this with control C and go to C snort log.
We're going to open up this file with Wireshark.
Snort has captured the packets.
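As an added example, not part of this demo, the following Python script does offline what the Wireshark step above does: it reads a libpcap file of the kind Snort writes in packet logger mode and returns, for each ICMP packet, the endpoints, the ICMP type and the payload bytes, so you can confirm the 32-byte alphabet payload of a Windows echo request. The capture it parses is constructed inline (MAC addresses, source IP and timestamps are made up; 8.8.8.8 is the Google public DNS address pinged in the demo) so it runs without Snort; a real log file's bytes can be passed to parse_pcap instead.

```python
import struct
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"  # Windows ping's default 32-byte payload

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum, used by both the IPv4 header and ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(src="192.168.1.10", dst="8.8.8.8", seq=1) -> bytes:
    """Ethernet/IPv4/ICMP echo request frame; MACs and source IP are constructed values."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, seq) + WINDOWS_PING_PAYLOAD
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0x1234, 0, 128, 1, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    eth = bytes.fromhex("001122334455665544332211") + b"\x08\x00"  # dst MAC, src MAC, IPv4
    return eth + ip + icmp

def build_pcap(frames) -> bytes:
    """libpcap file: global header (v2.4, snaplen 65535, DLT_EN10MB) followed by records."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

def parse_pcap(data: bytes):
    """Return (src, dst, icmp_type, payload) for every ICMP packet in an Ethernet pcap."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4 else ">"
    pos, results = 24, []
    while pos + 16 <= len(data):
        incl = struct.unpack(endian + "IIII", data[pos:pos + 16])[2]  # captured length
        frame = data[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        if frame[12:14] != b"\x08\x00":          # ethertype is not IPv4
            continue
        ip = frame[14:]
        ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
        if ip[9] != 1:                           # protocol is not ICMP
            continue
        icmp = ip[ihl:total]
        results.append((".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20])),
                        icmp[0], icmp[8:]))
    return results

# Constructed capture: three echo requests, as a ping loop logged with snort -l would contain.
SAMPLE_PCAP = build_pcap([build_echo_request(seq=n) for n in range(1, 4)])
```

Calling parse_pcap(open(path, "rb").read()) on a file from the Snort log directory lists the same ICMP packets Wireshark shows, with the alphabet payload visible as bytes.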