Created this since I foresee this to be a relatively large investment. Main goal is OSCP.

https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit#gid=0

Two main systems to focus on for IDS: OSSEC and Snort. Consider deployment.

Cool site on different protocols in diagrammatic form: https://www.firewall.cx/networking-topics/protocols.html

Snort 3 installation steps (had trouble with Snort 2 on Windows 10), copied from a link (which has a ridiculous number of ads), for Ubuntu 22.04 LTS:

# Install dependencies
sudo apt-get update
sudo apt-get install build-essential libpcap-dev libpcre3-dev libnet1-dev zlib1g-dev luajit hwloc libdnet-dev libdumbnet-dev bison flex liblzma-dev openssl libssl-dev pkg-config libhwloc-dev cmake cpputest libsqlite3-dev uuid-dev libcmocka-dev libnetfilter-queue-dev libmnl-dev autotools-dev libluajit-5.1-dev libunwind-dev

# Grab repo sources (create the working tree first, otherwise the cd fails)
mkdir -p /srv/projects/snort/src
cd /srv/projects/snort/src
git clone https://github.com/snort3/libdaq.git
wget https://github.com/gperftools/gperftools/releases/download/gperftools-2.10/gperftools-2.10.tar.gz
tar xzf gperftools-2.10.tar.gz
git clone https://github.com/snortadmin/snort3.git

# Install libDAQ (the packet acquisition library Snort 3 requires)
cd /srv/projects/snort/src/libdaq
./bootstrap
./configure
make
sudo make install

# Install Tcmalloc (from gperftools; optional allocator, enabled below with --enable-tcmalloc)
cd /srv/projects/snort/src/gperftools-2.10
./configure
make
sudo make install

# Install Snort 3 (configure_cmake.sh creates the build/ directory)
cd /srv/projects/snort/src/snort3
./configure_cmake.sh --prefix=/usr/local --enable-tcmalloc
cd build
make
sudo make install

# Update the shared library cache so snort can find libdaq
sudo ldconfig

https://docs.snort.org/start/configuration
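Added post-install smoke test (my own script, not part of the original notes or the Snort project's code). It assumes the build above put the binary at /usr/local/bin/snort and the stock config at /usr/local/etc/snort/snort.lua (both overridable via environment variables); the rules, file names and pcap name are constructed. It writes a small local.rules, checks that every rule carries msg, sid and rev with unique sids before snort ever loads it, validates the config with -T, and replays a capture (for example one downloaded from malware-traffic-analysis.net) in read-only pcap mode with fast-format alerts.

```shell
#!/bin/sh
# Snort 3 post-install smoke test. Assumptions (not from the notes above):
# install prefix /usr/local, stock config at /usr/local/etc/snort/snort.lua.
SNORT_BIN="${SNORT_BIN:-/usr/local/bin/snort}"
SNORT_LUA="${SNORT_LUA:-/usr/local/etc/snort/snort.lua}"

# Write a constructed local rules file. Local sids start at 1000000 so they
# never collide with official rule sets. Snort 3 syntax: options in ( ),
# sticky buffers such as http_uri, comma-separated content modifiers.
write_local_rules() {
    cat > "$1" <<'EOF'
# constructed local rules for a smoke test
alert icmp any any -> any any ( msg:"LOCAL ICMP echo request"; itype:8; sid:1000001; rev:1; )
alert tcp any any -> any 23 ( msg:"LOCAL telnet connection attempt"; flow:to_server,established; sid:1000002; rev:1; )
alert http any any -> any any ( msg:"LOCAL HTTP request for .exe"; http_uri; content:".exe",nocase; sid:1000003; rev:1; )
EOF
}

# Count active (non-comment) alert rules in a file.
count_rules() {
    grep -v '^[[:space:]]*#' "$1" | grep -c '^[[:space:]]*alert'
}

# Cheap structural check before handing the file to snort: every active rule
# needs msg, sid and rev, and no sid may repeat (a duplicate sid silently
# shadows the earlier rule). Returns 0 if clean, 1 otherwise; problems go to stderr.
validate_rules() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        {
            ok = 1
            if ($0 !~ /msg:"/) { print "missing msg: " $0 > "/dev/stderr"; ok = 0 }
            if (match($0, /sid:[0-9]+;/) == 0) {
                print "missing sid: " $0 > "/dev/stderr"; ok = 0
            } else {
                sid = substr($0, RSTART + 4, RLENGTH - 5)
                if (sid in seen) { print "duplicate sid " sid ": " $0 > "/dev/stderr"; ok = 0 }
                seen[sid] = 1
            }
            if ($0 !~ /rev:[0-9]+;/) { print "missing rev: " $0 > "/dev/stderr"; ok = 0 }
            if (!ok) bad++
        }
        END { if (bad) exit 1; exit 0 }
    ' "$1"
}

# Full check: rules file, config validation (-T --warn-all), then a read-only
# replay of the pcap with alerts printed in the compact alert_fast format.
smoke_test() {
    pcap="$1"
    tmp=$(mktemp -d)
    write_local_rules "$tmp/local.rules"
    validate_rules "$tmp/local.rules" || { echo "rule file rejected" >&2; return 1; }
    echo "$(count_rules "$tmp/local.rules") local rules ready"
    if [ ! -x "$SNORT_BIN" ]; then
        echo "snort not found at $SNORT_BIN (re-check the install steps and ldconfig)" >&2
        return 2
    fi
    "$SNORT_BIN" -V
    "$SNORT_BIN" -c "$SNORT_LUA" -R "$tmp/local.rules" -T --warn-all
    "$SNORT_BIN" -c "$SNORT_LUA" -R "$tmp/local.rules" -r "$pcap" -A alert_fast -q
}

# Usage: sh snort_smoke.sh /path/to/capture.pcap
if [ $# -gt 0 ]; then
    smoke_test "$1"
fi
```

The structural check is deliberately dumb (it is awk, not a rule parser); its job is to catch the copy-paste mistakes that otherwise surface as confusing load errors, and to make the file safe to test with -T before any live traffic is involved. For a real deployment, -R points at the same file that is later referenced from snort.lua via ips.rules.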

https://www.malware-traffic-analysis.net/