I'd got the same problem with the questions that you didn't found, and I really entered to this video trying to found the answers. Finally i found that the mode that works similar to NIPS is "NBA" (Network Behaviour Analysis), and the kind of NIPS that it is is "full-blown". Hope it will help!
thank you for explaining this. Been going through the SOC pathway and snort has completely stumped me by not fully explaining the contents of the output it gives (might as well be hieroglyphs lol) . Your teaching and break down of the concepts were super helpful in learning the fundamentals of it.
I'm sharing my experience here, hopefully, it helps others. I initially missed a key step in Task 8: Operation Mode4 - PCAP Investigations. There are multiple ways to get to point B but I choose the following path: Mr. Hamdan provided a helpful bash command to locate the relevant file: find . -name "icmp-test.pcap". After accessing the directory, I used the command while directory Task 8: snort -r icmp-test.pcap and had no problems moving to the next step. Thank you Mr. Hamdan
I was messing with step 9, question 1, forever and thought I was failing. However, it was because I didn't realize the alert file being made :) Great vid.
Thank you so much @Motasem for creating this awesome video on Snort. It was really helpfull and informative from starting to end. I liked the way of your explaining the concepts or points in details with easy explanations. Again appreciated the hard work you put in this video :)
Great job mate. I think this channel is underrated. I have a question. I watched on this video that you are using obsidian. Are you sharing with the comunity your notes or they are private?
Hello, you can subscribe to the channel membership tier 2 to get access to all the notes, link below th-cam.com/channels/NSdU_1ehXtGclimTVckHmQ.htmljoin Or if you are interested in one subject among the others, you can pay for one time. The notes that are available for one time purchase can be found below motasem-notes.net/
Hello, you can subscribe to the channel membership tier 2 to get access to all the notes, link below th-cam.com/channels/NSdU_1ehXtGclimTVckHmQ.htmljoin Or if you are interested in one subject among the others, you can pay for one time. The notes that are available for one time purchase can be found below motasem-notes.net/
thank you for these video. they have been helpful. i am interested in your 974 page notes so it helps with easy referencing. does the package (priced at 34 dollars) contain the notes covering all your videos?thanks
Hello, you can subscribe to the channel membership tier 2 to get access to all the notes, link below th-cam.com/channels/NSdU_1ehXtGclimTVckHmQ.htmljoin Or if you are interested in one subject among the others, you can pay for one time. The notes that are available for one time purchase can be found below motasem-notes.net/
Hi Motasem, For 9.4 , same ip question, when I used the protocol as ip, I got the answer as 13.. Just wanted to confirm the reason behind using tcp and udp and also just to update changes to rev field are not needed
bro first you should remove the alert message that is generated as a result of the previous using the command "sudo rm -r alert". then open the local rule and add the tcp and udp rule as same as what Mr.Motasem Hamdan showed in this tutorial. Then you again run the rule. Then after you will get the answer 10.
I have everything set up. Snort trigger an alert when I ping the pc where it is installed. The problem is when I do a ping to another PC within my network, Snort doesnt detect it. I have my network card in promisc mode. Any idea why is this happening?
Once you are subscribed to channel membership, you wil able to access sys admin notes for Linux and Windows. You can also subscribe from here www.buymeacoffee.com/notescatalog/membership
NBA training period is also known as ..? Test the current instance with "/etc/snort/snort.conf" file and check how many rules are loaded with the current build. ?
Hi Motasem, v lovely videos and explanations thank u. I would like to connect with you regarding some 1:1 coaching for blue team studies. Kindly let me know ur email/id etc or whatsapp plz Thank u 🙏🏾
I'd got the same problem with the questions that you didn't found, and I really entered to this video trying to found the answers. Finally i found that the mode that works similar to NIPS is "NBA" (Network Behaviour Analysis), and the kind of NIPS that it is is "full-blown". Hope it will help!
Thanks!
Thank you Gabriel.
thank you for explaining this. Been going through the SOC pathway and snort has completely stumped me by not fully explaining the contents of the output it gives (might as well be hieroglyphs lol) . Your teaching and break down of the concepts were super helpful in learning the fundamentals of it.
Is it possible to share your notes you keep referencing in the video?
Thank you for the remarks. The notes are part of the third tier of the channel membership@@MFmyk3
According to the official description of the snort, what kind of NIPS is it?
full-blown
As usual, the greates professor! Thanks Motasem!
thanksssssss its a clear video and Very helpful and easy english that help me understand without having fluent english
what a teacher.really i learn a lot of you.
I'm sharing my experience here, hopefully, it helps others. I initially missed a key step in Task 8: Operation Mode4 - PCAP Investigations. There are multiple ways to get to point B but I choose the following path:
Mr. Hamdan provided a helpful bash command to locate the relevant file: find . -name "icmp-test.pcap". After accessing the directory, I used the command while directory Task 8: snort -r icmp-test.pcap and had no problems moving to the next step. Thank you Mr. Hamdan
I was able to complete the task cuz of this video! Super clear :) Thanks much
You are the best in explaining things Motasem , thanks a lot !
A clear video tutorial. Very helpful to tryhackme beginners. Thanks professor.😊😊
I was messing with step 9, question 1, forever and thought I was failing. However, it was because I didn't realize the alert file being made :) Great vid.
how did u get the traffic generator installed ?
very helpful to follow along with at every spot I got stuck in the snort room. Thank you!
Thank you so much @Motasem for creating this awesome video on Snort. It was really helpfull and informative from starting to end. I liked the way of your explaining the concepts or points in details with easy explanations. Again appreciated the hard work you put in this video :)
3rd to last question in task 4 is "full-blown". It is listed in the description of snort under the blue highlighted letters section.
OMG!!!!! Thank you so much ! I feel less than dumb ! I spent a significant amount of time on that freaking question !!!!!!!
Great job mate. I think this channel is underrated.
I have a question. I watched on this video that you are using obsidian. Are you sharing with the comunity your notes or they are private?
Hello, you can subscribe to the channel membership tier 2 to get access to all the notes, link below
th-cam.com/channels/NSdU_1ehXtGclimTVckHmQ.htmljoin
Or if you are interested in one subject among the others, you can pay for one time. The notes that are available for one time purchase can be found below
motasem-notes.net/
Very well organized and well explained! thank you ! that was really helpful
Great content. Please share your entire notes with me, focusing on the sudo command.
NBA and full-blown, thanks for this video, this snort was so complicated, they really need some gui platform
what kind of packets are the ones you see in sniffer mode at 21:35?
This has been so helpful! Thank you!
Thank you, this section was very complicated
Superb! Very well organised and well explained. Can you sahre your notes please.
Hello, you can subscribe to the channel membership tier 2 to get access to all the notes, link below
th-cam.com/channels/NSdU_1ehXtGclimTVckHmQ.htmljoin
Or if you are interested in one subject among the others, you can pay for one time. The notes that are available for one time purchase can be found below
motasem-notes.net/
Great video, the room is vet long and a bit boring, your videos add enthusiasm
Sir task 3 answer 5 is NBA ❤
And thankyou so much sir 🙏🙏
Thank you too !
Nice Tutorial, many thanks
Can I ask what the notepad are you using?
I want to put notes in somewhere and looking for suitable note pad.
The same question :) can you find an answer ?
@@FunnyAnimals-ko8zz it's obsidian ;)
@@techskyrocket4101 Thanks Bro :)
thank you for these video. they have been helpful.
i am interested in your 974 page notes so it helps with easy referencing. does the package (priced at 34 dollars) contain the notes covering all your videos?thanks
Hello, did you mean the blue team notes?
hello motasem ty so much for your effort, i have 1 question ,where can I have or buy your notepad library?
Hello, you can subscribe to the channel membership tier 2 to get access to all the notes, link below
th-cam.com/channels/NSdU_1ehXtGclimTVckHmQ.htmljoin
Or if you are interested in one subject among the others, you can pay for one time. The notes that are available for one time purchase can be found below
motasem-notes.net/
Tysm@@MotasemHamdan
heeeyy mohamed great Containt.Please which tool has been used to keep documentation?
Heey, Its Obsidian.
@@MotasemHamdan between Soc analyst or Cloud what do you think?
Hi Motasem,
For 9.4 , same ip question, when I used the protocol as ip, I got the answer as 13.. Just wanted to confirm the reason behind using tcp and udp and also just to update changes to rev field are not needed
bro first you should remove the alert message that is generated as a result of the previous using the command "sudo rm -r alert". then open the local rule and add the tcp and udp rule as same as what Mr.Motasem Hamdan showed in this tutorial. Then you again run the rule. Then after you will get the answer 10.
1:20:15 - Network Behaviour Analysis - NBA. The second one is - full-blown.
What is the notebook you are using? I really like the way it tree's out. I am just using onenote.
Which snort mode works similar to NIPS mode? is a bhhaviour-based intrusion nba
Thank you Motasem, that task 7 question though. haha
I have everything set up. Snort trigger an alert when I ping the pc where it is installed. The problem is when I do a ping to another PC within my network, Snort doesnt detect it. I have my network card in promisc mode. Any idea why is this happening?
Thank you for sharing this video, but i have question. i have pcaps file and i want command to i see traffic and some Alerts
Thanks again another awesome video
Which snort mode works similar to NIPS mode? NBA
According to the official description of the snort, what kind of NIPS is it? full-blown
are your snort notes with the specific commands and explain what the commands do available online?
could you please provide a link to your notes? that would be helpful
Thank you so much for this. You are a life saver!
Can you please install and configure on windows server?
Great video thanks!
which app do you use for storing notes
Obsidian
Thank you Sir !
What is the name of the application in the taskbar marked with the letter s
Thank You habibi!!
19:45
can you provide the access to your notes?
Once you are subscribed to channel membership, you wil able to access sys admin notes for Linux and Windows.
You can also subscribe from here
www.buymeacoffee.com/notescatalog/membership
Which snort mode works similar to NIPS mode? NBA
full-blown - baselining
NBA training period is also known as ..?
Test the current instance with "/etc/snort/snort.conf" file and check how many rules are loaded with the current build. ?
baselining
:))
Answer: 4151 > sudo snort -T -c /etc/snort/snort.conf
Thank you so much.
Are you sharing your notes that you have saved?
i mean your notes library?
Hello, online access to notes is part of channel membership
th-cam.com/channels/NSdU_1ehXtGclimTVckHmQ.htmljoin
whats -dev means in sudo snort -dev -K ASCII -l .
Could you please specify at which minute:second in the video?
34:22 sudo snort -dev - K ASCII -l . @@MotasemHamdan your explanation is very nice man,god bless you,thank you.
Could anybody help me with the Task 4 Question 1 is the only question I'm missing, tried a lot of combinations with -V but no success
Answer: 149, type sudo snort -v
@@VeNoM____ thanks bro!!
what is rm?
Tool in Linux to remove files.
Good course , but the audio level is really low.
the answer of first one is NBA and the second is full-blown
According to the official description of the snort, what kind of NIPS is it -> full-blown😉
how can I block vpn packets mr?
thanks for video
Two missing answers are NBA and full-blown
Great video but dude turn off that alert noises that come up throughout the entire video. It scared me to death!
it is NBA
❤
NPA , full-blown
Hi Motasem, v lovely videos and explanations thank u.
I would like to connect with you regarding some 1:1 coaching for blue team studies. Kindly let me know ur email/id etc or whatsapp plz
Thank u 🙏🏾