Introduction to Snort

Course code: SN001

5 days

This course is designed to introduce IT security professionals to the world's most effective and widely used Intrusion Detection System (IDS), Snort. Designed to around a series of integrated hand-on labs using Snort in a Debian Linux environment.

Course content >

Who Should Attend?

Network administrators Security administrators Security consultants Other security professionals. Those using other manufacturer's IDS's will gain from this course as it will convey the basic inner workings of any IDS


None, however a solid understanding of TCP/IP protocol structure and Linux/Unix ensures delegates obtain the most from the course. For those without this background, part of the first day can be spend introducing these concepts and techniques.

Course Contents

On completion of this five day course delegates will have: (1) a core understanding of Snort inner architecture; (2) the ability to write custom Snort rules; (3) configure Snort to output alerts to a database for further analysis (4) Snort tuning skills to ensure optimal performance (5) Snort installation and configuration skills to ensure Snort is a highly effective IDS/IPS (6) Knowledge to select appropriate GUI interface for analysis

Introduction to Snort:

Network Traffic Analysis

TCP/IP Fundamentals

Linux/Unix Fundamentals

Attack Vector Analysis

Installing, configuring SNORT:

Configuration file

Upgrading Sensorplacement


Packet capture and analysis


Rule writing:

Dynamic rules

Testing rules

Optimizing rules

Statistical analysis

Management tools:



Performance Tuning and thresholding

Log and Alert analysis

Data Analysis Tools

Installing and Using Barnyard

Contact us for more information