Enjoy Upto 30% off on all Your Assignments ORDER NOW
+61480015851 whatsapp white icon +61480015851 info@myassignmentservices.com

FIT3031: Lab Environment Setup & Intrusion Detection Guide

Download Solution Order New Solution

Highlights

This guide explains how to set up the lab environment for Intel MacBooks (not Apple Silicon M Series) and complete the Intrusion Detection System (IDS) lab exercises using GNS3, VMware, and Snort.

Environment Setup

Step 1: Download Required Files

Download the following files to your Intel MacBook:

  • VMware Fusion Pro setup file (e.g., VMware-Fusion-13.6.4.dmg)

  • Wireshark for Intel Mac (e.g., Wireshark 4.4.8 Intel 64.dmg)

  • GNS3 setup file (specific version: GNS3-2.2.54.dmg)

  • Virtual Disk 1 (gns3vm-disk1.vmdk)

  • Virtual Disk 2 (gns3vm-disk2.vmdk)

Install VMware Fusion Pro

  • Run the setup file to install VMware Fusion Pro.

  • When asked for a license, choose Personal Use.

  • Grant access to “System Events” when prompted.

Step 3: Install GNS3

  • Run the GNS3 installer with the provided version.

  • If you already have another version, uninstall it first.

Setup GNS3 VM in VMware

Step 4.1: Create a Custom Virtual Machine

  • Open VMware Fusion → File → New → Create a Custom VM.

  • Choose Ubuntu 64-bit as the OS.

Step 4.2: Use Existing Virtual Disk

  • Select the option Use an existing virtual disk.

  • Browse and select gns3vm-disk1.vmdk.

Step 4.3: Customize VM Settings

  • Give the VM a name and finish setup.

  • Shut down the VM immediately after it boots.

Step 4.4: Adjust CPU, Memory, and Storage

  • Go to VM Settings → Processors & Memory.

  • Allocate at least 2 CPU cores and 4GB RAM.

  • Add another hard disk: Select Add Device → Existing Hard Disk → gns3vm-disk2.vmdk.

  • Adjust Network Adapter: Select Share with my Mac.

Step 5: Start GNS3 VM

  • Power on the GNS3 VM.

  • Note the displayed IP Address (e.g., 192.168.101.130).

  • Keep the VM running in the background for GNS3 to function.

Configure GNS3 on Host Mac

  • Open GNS3 on your Mac.

  • If prompted, confirm the connection.

  • Go to Preferences → Server.

  • Untick Enable Local Server.

  • Enter the IP address of the running GNS3 VM.

  • Username and password: gns3.

  • Save settings.

You should now see the GNS3 host connected successfully.

Accessing GNS3 VM Shell

  • Open Terminal on your Mac.

  • Enter: ssh gns3@

    • Example: ssh gns3@192.168.101.130

  • When prompted, type the password: gns3

  • You are now inside the VM shell.

Intrusion Detection Lab (Week 09)

Objective

Set up and configure an Intrusion Detection System (IDS) using Snort within GNS3 to monitor and analyze network traffic.

Lab Network Setup

You will create a network with:

  1. Open vSwitch (OVS) – Virtual switch with port-mirroring support.

  2. NAT Cloud – Provides internet access.

  3. Client Node – Generates traffic.

  4. Snort IDS Node – Detects malicious activities.

Steps to Build Network

(a) Add Open vSwitch

  • Import the appliance file into GNS3 (openvswitch.gns3a).

  • Drag and drop OVS into your project.

(b) Add NAT Cloud

  • Drag and drop NAT device into GNS3 project.

(c) Add Client

  • Use Ubuntu-24.04-plus-essentials image.

  • Rename it Client.

  • Enable DHCP for its network interface.

(d) Add Snort IDS

  • Use Ubuntu-24.04-plus-essentials image.

  • Rename it SnortIDS.

  • Increase network adapters to 2.

  • Configure both interfaces with DHCP.

(e) Configure Open vSwitch (OVS)

On GNS3 VM Shell, run the following steps:

  • Start Open vSwitch service.

  • Create a network bridge (br0) and add ports (eth0, eth1, eth2, eth10).

  • Configure port-mirroring so that traffic from eth1 is mirrored to eth10.

(f) Connect Devices

  • eth2 of OVS → eth0 of SnortIDS

  • eth10 of OVS → eth1 of SnortIDS

  • Client connected to eth1 of OVS

Configuring Devices

Configure SnortIDS Node

  • Update package lists.

  • Install Snort, Python3, and pip.

  • Enable custom rule configuration in .

  • Create rules in 

Example rule for ICMP detection:

  • Generate an alert when ICMP packets are detected (ping requests).

Example rule for TCP scans:

  • Detect any TCP scanning activities using Nmap.

Testing IDS

  1. From Client, ping 8.8.8.8 (Google DNS).

    • Snort will generate an ICMP alert.

  2. From Client, run an Nmap scan.

    • Snort will trigger TCP scan alerts.

  3. Check alerts by viewing Snort log file.

Offline Traffic Analysis

  • Download a pre-captured traffic dump.

  • Use Snort with -r option to analyze the dump.

  • Alerts will show suspicious traffic activities.

Reflection & Group Discussion

  • How can Snort function as an IPS (Intrusion Prevention System) instead of just IDS?

  • Does its position in the network need to change?

  • How do non-inline IPS systems operate in real-world organizations?

Assessment requirements

You are required to build a working virtual lab (Intel MacBooks only), deploy a GNS3 network that uses Open vSwitch (OVS) for port-mirroring, install and configure Snort as a passive IDS, generate test traffic and demonstrate detection (live and offline). The submission should show evidence the environment works and include reflective answers to the discussion questions.

Key deliverables / pointers to cover

  • Download and use the specified software images (VMware Fusion Pro, Wireshark, GNS3 v2.2.54, gns3vm vmdk files).

  • Create a GNS3 VM in VMware (Ubuntu 64-bit) using the two provided vmdk disks; allocate ≥2 CPU cores and 4 GB RAM; set network to “Share with my Mac.”

  • Configure GNS3 on the macOS host to connect to the running GNS3 VM (use the VM IP and gns3/gns3 credentials).

  • Build the lab topology in GNS3: OVS, NAT cloud, Client, Snort IDS (Snort node has two NICs).

  • Configure OVS bridge and port-mirroring so traffic from the Client is mirrored to the Snort monitoring port.

  • Install and configure Snort on the SnortIDS node; create and enable custom local.rules, demonstrate at least an ICMP rule and a TCP scan rule.

  • Generate test traffic (ping and nmap) and capture/record Snort alerts; show log evidence (/var/log/snort/alert).

  • Analyze an offline pcap with Snort and report findings.

  • Answer reflection questions (Snort as IPS vs IDS, non-inline IPS operation) and submit screenshots/logs, project files and a short reflective write-up.

How the Academic Mentor guided the student

The mentor’s role was to ensure the student understood objectives, followed safe and repeatable procedures, and produced verifiable evidence. The mentor walked the student through these stages:

A. Clarify scope and pre-checks

  • Review the brief and confirm platform requirements (Intel Mac only).

  • Verify downloads and exact GNS3 version—mentor stresses the must use provided GNS3 v2.2.54 to avoid compatibility issues.

B. Environment & VM setup

  • Show how to create a custom VM in VMware Fusion and attach gns3vm-disk1.vmdk and gns3vm-disk2.vmdk.

  • Advise resource allocation: set at least 2 CPU cores and 4 GB RAM and set network to “Share with my Mac.”

  • Instruct on starting the VM, locating the VM IP, and keeping the VM running while configuring host GNS3.

C. Host–VM connectivity

  • Demonstrate GNS3 host Preferences: disable the local server and point the server settings to the VM IP using gns3 credentials.

  • Validate connection and troubleshoot common issues (firewall, VM networking, wrong IP).

D. Topology build in GNS3

  • Guide device selection and naming (Open vSwitch, NAT cloud, Client, SnortIDS).

  • Explain NIC mapping and the importance of matching the diagram ports exactly (so mirroring works).

E. OVS & port-mirroring configuration

  • Show the logical steps to start OVS, create a bridge (br0), add the needed ports, and configure a mirror so eth1 traffic is mirrored to eth10 (monitoring port).

  • Explain why port-mirroring is used for IDS deployments.

F. Snort installation and rule management

  • Walk through apt updates, Snort installation, and enabling a snort_custom.conf that points to local.rules.

  • Demonstrate writing a simple ICMP rule, running Snort in monitoring mode, and viewing alerts.

  • Teach how to create more targeted rules (e.g. detect TCP scans) and how to test them with nmap.

G. Testing and evidence collection

  • Mentor supervises tests: ping 8.8.8.8 to trigger ICMP alerts; run nmap from Client to trigger TCP scan alerts.

  • Show how to read tail -n 50 /var/log/snort/alert, save screenshots, and export relevant logs and pcap outputs for submission.

H. Offline analysis and reflection

  • Demonstrate how to analyze a provided pcap using Snort’s offline mode (-r option) and interpret alerts.

  • Lead the student through answering reflection questions on IPS vs IDS placement and operational considerations for non-inline IPS deployments.

Final outcome what was achieved

Environment: Student delivered a functioning environment: VMware Fusion running the provided GNS3 VM, GNS3 host connected to the VM, and a GNS3 project with OVS, Client, NAT, and SnortIDS configured.

IDS functionality: Snort was installed and configured with a custom configuration. The student demonstrated detection of ICMP and TCP scan activity and produced logs and screenshots showing alerts. Offline pcap analysis produced additional alerts and was included in the submission.

Documentation & reflection: The student submitted:

  • GNS3 project file and VM IP used.

  • Screenshots of VM console (showing IP), GNS3 server connection, Snort running, and alert log outputs.

  • A short reflection answering: how Snort would need to be repositioned and configured to act inline as an IPS; and discussion of real-world non-inline IPS behaviour.

Learning objectives covered

By completing this lab the student demonstrated/learned to:

  • Set up virtualization (VMware) and integrate host GNS3 with a VM.

  • Configure and troubleshoot virtual networking for lab simulations.

  • Deploy and configure Open vSwitch to enable port-mirroring in a virtual environment.

  • Install, configure and test Snort IDS; write basic detection rules.

  • Perform live traffic generation (ping, nmap) and offline traffic analysis (pcap).

  • Interpret IDS alerts and log files and relate them to network events.

  • Critically reflect on IDS vs IPS placement and operational trade-offs.

  • Produce professional evidence: logs, screenshots, project files and a short analytical report.

Tutor tip for submission

Include the following in your submission: GNS3 project export, screenshots (VM console IP, GNS3 server status, Snort console and alert log), the local.rules used, a short lab report (method, results, discussion) and answers to reflection questions. These items demonstrate reproducible setup, detection, and understanding.

Access Your Assignment Sample or Get a Fresh Custom Solution

Looking for guidance to complete your assignment? You can download our sample solution to see a step-by-step approach and structure that can help you understand the topic better. Important: This sample is strictly for reference purposes only. Submitting it as your own work may lead to plagiarism penalties.

If you want a fully original, plagiarism-free assignment, our professional academic writers are ready to craft a custom solution tailored to your requirements. By ordering a fresh assignment, you’ll benefit from:

  • 100% original, well-researched content

  • Timely delivery to meet your deadlines

  • Expert guidance aligned with academic standards

  • Confidence that your submission is plagiarism-free

Take the smart approach to your academic success today.

[Download Sample Solution]  [Order Fresh Assignment]

 

 

Get It Done! Today

Country
Applicable Time Zone is AEST [Sydney, NSW] (GMT+11)
+

Every Assignment. Every Solution. Instantly. Deadline Ahead? Grab Your Sample Now.

Find My Solution

© Copyright 2026 My Uni Papers – Student Hustle Made Hassle Free. All rights reserved.