Setting Up Snort and Configuring Rules

Practical Intrusion Detection System Deployment

In this project, I installed and configured Snort on a Kali Linux virtual machine to operate as an Intrusion Detection System (IDS). I began by downloading and installing Snort, then modified the snort.lua configuration file to define my network settings. I carefully adjusted the HOME_NET variable to match my internal network range and prepared the environment for custom rule creation.

Next, I edited the local.rules file in the /etc/snort/rules/ directory. I created two custom detection rules: one to detect TCP traffic targeting port 80 (HTTP) and another to capture ICMP packets (such as pings). After writing and saving the rules, I verified that Snort correctly parsed the configuration without errors, ensuring the system was ready to monitor traffic effectively.

I then launched Snort in IDS mode with specific logging options, using the eth0 interface to capture network traffic. I tested the setup by pinging the Kali VM from the Host PC, generating ICMP traffic for Snort to detect. After stopping the Snort process, I reviewed the log folder and successfully found and analyzed the captured alerts, confirming that my custom rules worked as intended. This project demonstrated my skills in deploying Snort, configuring detection rules, monitoring traffic, and analyzing security alerts.
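As an added example (not the project's own code): the two custom rules described above written out as Snort 3 rules, a small checker that rejects a malformed rule or a missing sid before Snort is started, and a reader that tallies the alert_fast log lines from the ping test against the rule that fired. The sids, msg strings, addresses and alert lines are constructed, and the alert_fast line layout is assumed to be Snort 3's.

```python
import re
from collections import Counter

# The write-up's two rules as Snort 3 rules; sids and msgs are assumed, $HOME_NET is set in snort.lua.
LOCAL_RULES = """
alert tcp any any -> $HOME_NET 80 (msg:"HTTP traffic to port 80"; sid:1000001; rev:1;)
alert icmp any any -> $HOME_NET any (msg:"ICMP packet detected"; sid:1000002; rev:1;)
"""
# Constructed alert_fast lines standing in for the log Snort wrote during the ping test.
SAMPLE_ALERTS = """\
03/15-14:22:01.123456 [**] [1:1000002:1] "ICMP packet detected" [**] [Priority: 0] {ICMP} 192.168.56.1 -> 192.168.56.101
03/15-14:22:02.123789 [**] [1:1000002:1] "ICMP packet detected" [**] [Priority: 0] {ICMP} 192.168.56.1 -> 192.168.56.101
03/15-14:22:05.000001 [**] [1:1000001:1] "HTTP traffic to port 80" [**] [Priority: 0] {TCP} 192.168.56.1:51234 -> 192.168.56.101:80
"""
RULE_RE = re.compile(
    r'^(?P<action>alert|log|pass|drop|reject)\s+(?P<proto>tcp|udp|icmp|ip)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*'
    r'\((?P<opts>.*)\)\s*$')
ALERT_RE = re.compile(
    r'^\S+\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"?(?P<msg>[^"\[]+?)"?\s+'
    r'\[\*\*\].*?\{(?P<proto>\w+)\}\s+[\d.]+(?::\d+)?\s+->\s+[\d.]+(?::(?P<dport>\d+))?')

def parse_rules(text):
    """Return {sid: fields}; a bad header or a missing sid raises, as `snort -T` would."""
    rules = {}
    for line in [l.strip() for l in text.splitlines() if l.strip() and not l.lstrip().startswith('#')]:
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"malformed rule header: {line}")
        opts = {}
        for opt in filter(None, (o.strip() for o in m['opts'].split(';'))):
            key, _, value = opt.partition(':')
            opts[key.strip()] = value.strip().strip('"')
        if 'sid' not in opts:
            raise ValueError(f"rule without sid: {line}")
        rules[int(opts['sid'])] = {**m.groupdict(), 'msg': opts.get('msg', '')}
    return rules

def summarize_alerts(alert_text, rules):
    """Count alerts per (sid, msg, consistent): whether protocol and dest port agree with the rule."""
    counts = Counter()
    for m in filter(None, map(ALERT_RE.match, alert_text.splitlines())):
        rule = rules.get(int(m['sid']))
        if rule is None:  # alert from a sid that is not in local.rules
            counts[(int(m['sid']), m['msg'], False)] += 1
            continue
        consistent = (rule['proto'].upper() == m['proto'].upper()
                      and rule['dport'] in ('any', m['dport']))
        counts[(int(m['sid']), rule['msg'], consistent)] += 1
    return counts
```

Before the IDS run, `snort -c /etc/snort/snort.lua -R /etc/snort/rules/local.rules -T` performs the same validation with Snort itself, and `snort -c /etc/snort/snort.lua -R /etc/snort/rules/local.rules -i eth0 -A alert_fast -l /var/log/snort` starts IDS mode writing the alert_fast log this reader expects.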