Using Suricata to scan for attacks

pacosilva93 · January 20, 2022, 8:51pm

Hi guys, new to the forum here. I am currently enrolled in an online masters program for cybersecurity and I am currently stuck on an assignment. Was hoping for some help here.

For my assignment I was to use Suricata via a Ubuntu VM to scan for network vulnerabilities as well as an attack I performed through a Kali Linux VM.

Here’s the instructions:

Download the Suricata software and configure it on Ubuntu.
Implement an attack from Kali Linux to target Ubuntu.
Using Suricata, perform a network and vulnerability scan of your virtual network.

This is where I get confused and bogged down. The steps on my tutorial weren’t clear as to go about scanning on Suricata, but when researching it seems to be an option on pfSense that you can enable, which completely goes around the instructions.

When asking for a scan, I assumed they want PCAP Info, so I type in the command:

Suricata --pcap I get this:

What am I doing wrong here?

Specs:

Ubuntu (64-bit)

suricatalfon · January 21, 2022, 6:23am

Hí,

You have to indicate where suricata.yaml is located.
You have to specify in runmode
In suricata.yaml you have to indicate the interface:

    pcap:
   - interface: enp0s3

You have to indicate where the logs will be located.

Example:

sudo suricata --pcap --runmode autofp -c /etc/suricata/suricata.yaml -l ./log -vvv -knone

.

Topic		Replies	Views
Configure Suricata in Bridge Mode [Suricata 6.0.8] Help suricata	4	1115	November 7, 2022
Suricata not showing logs from windows Help ips , community , suricata	1	586	June 26, 2022
IPS test with F5 attack Help	1	560	June 5, 2021
Suricata in IPS Mode using PCAP Help	4	1113	February 5, 2022
pfSense - Allow All Traffic From Host Help ips	2	1603	July 27, 2021

Using Suricata to scan for attacks

Related Topics