Snort Fundamentals is a concentrated three-day tour of the
Snort intrusion detection and prevention system (IDS/IPS) with
a focus on hands-on exercises, providing students with the
knowledge needed to install, configure and maintain a network
of Snort sensors. Students are expected to understand the
concepts of computer networking to the level of the AoE
LAN/WAN Fundamentals course.
The Snort Fundamentals course begins with a brief review of
common network protocols, continuing into discussions and
exercises centered on installing and configuring Snort. Finally,
students will learn the methodology and best practices as they
write and test new Snort rules. Hands-on labs span a variety
of tools including tcpdump, Wireshark, Snort, Barnyard2, and
Students will perform in-depth network analysis, install Snort,
extend Snort functionality with the use of Barnyard2 and
Snorby, modify existing rules, write new rules, and analyze rule
performance. A capstone exercise provides a real-world scenario
in which students are expected to analyze network traffic in real time
as multiple attacks take place.
Snort is a registered trademark of Sourcefire, Inc.
Students should have general computer knowledge and have completed AoE LAN/WAN Fundamentals or have equivalent experience.
- Course Introduction
- Intrusion Detection / Prevention Systems
- Overview of Network Protocols
- Internet Protocol (IP)
- User Datagram Protocol (UDP)
- Transmission Control Protocol (TCP)
- Snort Rules