Tools of the Trade revisited (Part 2)

by Don Parker
Sept. 1, 2017 | TechGenix | Pen Testing & Audits, hacking & cyberattacks

We left off in part one having generated a series of packets with the network scanner nmap. Those packets triggered certain alerts, as recorded in the “alert.ids” file in Snort’s log directory, because we had scanned the ports on the computer on which Snort was running. So we now know that nmap will trigger an IDS. That is all well and good, but what exactly did nmap do that made Snort aware of its presence? That is a good question, and one which we shall now cover. First, let us take another look at the “alert.ids” file.