SNORT IDS/IPS Project 🚨

This repository documents a practical project on Snort, a free and open-source network intrusion detection and prevention system (IDS/IPS) developed by Cisco.

---

👥 Team Members

• Amer Ashoush
• Karim Elmasry
• Abdelrahman Abdelmoaty
• Omar Ahmed Hamdy

---

📁 Project Structure

• cli_captures/ — Terminal outputs from logging, sniffing, and reading logs
• commands/
  • rule_testing/ — Screenshots demonstrating custom rule writing and testing
  • snort_on_pcap_file/ — Snort used to analyze .pcap files
• decor_pics/ — Diagrams, comparison visuals (e.g. IDS vs IPS), Snort logo
• docs/ — Presentation files and Snort reference PDF (TryHackMe + slides)
• logging_ascii/ — Screenshots of ASCII log output
• snort_rules/ — Visual reference of Snort rule formats
• notes_and_links.txt — Extra notes and useful command references
• task_6.txt — Project assignment brief

---

🚀 How to Run Snort

Sniffing

sudo snort -dev

Logging to current directory

sudo snort -dev -l .

ASCII Logging

sudo snort -dev -K ASCII -l .

Read from saved logs

sudo snort -r snort.log.1745790677 -n 10

Read from PCAP

sudo snort -r sample.pcap

---

📜 Example Rule

alert tcp any any -> any 80 (
  msg: "GET Request Found";
  content: "GET";
  nocase;
  sid: 100001;
  rev: 1;
)

---

🙏 Acknowledgements

This project was made possible thanks to:

• TryHackMe — for their practical labs on Snort and network defense, which deeply informed our hands-on understanding of intrusion detection and prevention.
• Cisco — for maintaining Snort as an open-source IDS/IPS.
• AASTMT Cybersecurity Faculty — for guiding the project and providing the training framework.

---

📚 Resources

• Snort Official Docs
• Tcpdump Man Page
• TryHackMe Snort Cheatsheet
• TryHackMe: Snort Room