barns.blog

Today I set about performing the following tasks:

• Setting up and Running Snort
• Testing Snort with a few Simple Scans
• Using InetVis with NULL Interface Traffic

I succeeded in setting up Snort and running it with just the sfportscan preprocessor. The README states that it is designed to match against Nmap scans and I attempted to get it to alert on these, but discovered that it doesn’t alert on a number of these scans.

In an attempt to use Nmap scans tartgeted at a FreeBSD disc Interface, I set about modifying InetVis to accept more than just Ethernet frames. This was a “Bad Idea”™. With some help from Nick and Wiresharks text2pcap tool, I wrote a program which converts a disc interface tcpdump file to text which can be processed by text2pcap to produce a file of Ethernet frames. This loads correctly into Wireshark, but still does not produce output in the Windows version of InetVis. I think that it is a bug…

I struggled to use C++ after such a long time of not using it, but it certainly improved as the afternoon wore on.

The following was done today:

• Reinstalled FreeBSD
• Installed Snort and Bro
• Installed other extras, like Nmap
• Learned about disc interfaces
• Fought with InetVis

I also got sidetracked into doing my final marking for this semester and having an aircon in the RUCUS room regassed.