Start with snort and the ruleset from
http://www.emergingthreats.net/
Then read the rules! This will give you an idea what an attack looks like.
Learn how attacks are performed.
TBH, very few actual penetrations happen by random attacks... most are targeted spearphishing attacks or client side vulnerabilities.
Set up a 'honeypot' in a DMZ on your own network. Use purposely vulnerable services in this and examine the logs to see what happens when a bot attempts to penetrate.
This is not something you'll pick up overnight. You can't just learn an aspect of infosec, you need a good coherent overview.