Classes‎ > ‎

Introduction to Snort

Introduction to Snort Course Description


This five (5) day course is designed to introduce the IT security professional to the world's most effective and widely used Intrusion Detection System (IDS), Snort. When the students complete the course they will have;

    (1) a fundamental understanding of the inner architecture of Snort;

    (2) an ability to write their own custom Snort rules;

    (3) configure Snort to output its alerts to a database for further analysis

    (4) tune Snort for optimal performance

    (5) how to install and configure Snort as an effective IDS/IPS

    (6) choose an appropriate GUI interface for analysis

This course will be taught with hand-on labs using Snort in a Debian Linux environment.


Target Audience:

This course is designed  for network administrators, security administrators, security consultants, and
other security professionals. Even those using other manufacturer's IDS's will gain from this course as it
will convey the basic inner workings of any IDS.


Although their are no prerequisites for this course, we have found that those with a solid understanding of 
TCP/IP protocol  structure and Linux/Unix gain the most from the course. For those without this background, we spend part of the first day
introducing these concepts and techniques to give the student adequate knowledge to complete the course .

Course Outline:

Day 1

                Introduction to Snort

                            Network Traffic Analysis 

                            TCP/IP Fundamentals

                            Linux/Unix  Fundamentals

                            Attack Vector Analysis


Day 2

                Installing, configuring SNORT

                                Configuration file


                                Sensor placement


                                Packet capture and analysis



Day 3-4

                Rule writing

                                Dynamic rules

                                Testing rules

                                Optimizing rules

                                Statistical analysis

Day 5

                Management tools



                                Performance Tuning and thresholding  

                                Log and Alert analysis

                                Data Analysis Tools

                                Installing and Using Barnyard


$995 for this five (5) day course

To register, or for more information, contact us at

To view our course schedule, go to Course Schedule.

Snort is a registered trademark of SourceFire Inc.

Snort Training Institute is not associated with Sourcefire Inc.

Snort is a registered trademark of Cisco and/or it's affiliates.

Snort Training Institute is not associated with Cisco Inc or any of  it's affiliates.


keith debus www.your-virtual-cio.comby keith debus