Project 2: Snort Sentinel — Practical IDS Lab
Detecting Network Intrusions with Snort in My Home Lab

In this project I set up Snort, an open-source Network Intrusion Detection System (NIDS), inside a virtual lab. The lab consists of an Ubuntu VM running Snort (the IDS), a Kali Linux VM used for attacking and scanning, and a Metasploitable 2 VM as a vulnerable target. The goal was to detect suspicious activity such as ICMP pings and Nmap scans, and to collect screenshots and logs for portfolio evidence.

Lab Topology & Overview

• Ubuntu (Snort IDS) — runs Snort and stores alerts/logs.
• Kali Linux — attacker machine (runs nmap, ping, etc.).
• Metasploitable 2 — vulnerable target for testing.

All VMs are placed on an isolated host-only/internal network (example subnet: 192.168.113.0/24). This keeps the testing environment contained and safe from the internet.

Tools Used

- Ubuntu (Snort)
- Kali Linux
- Metasploitable 2
- Wireshark
- Optional: ELK stack or SecurityOnion for later analysis

Setup & Key C...