


How To Install Snort On Windows



Snort on Windows XP  Pro SP2

What do we have in this session?

  1. Snort, Win XP Pro SP2, PHP and WinPcap

  2. Editing the snort.conf Config File

  3. Download and Install Snort Rules

Snort, Win XP Pro SP2, PHP and WinPcap

Now, we are ready to install and configure Snort. Please download Snort's executable for Windows at: Snort download. The current version is 2.8.6.

Downloading Snort for Windows installer

The Snort downloaded executable for Windows

Double click the executable and follow the instructions displayed on the screen.

Windows security warning for running unverified executable

Snort License agreement statement

MySQL and ODBC are already supported by default. We enable the IPv6 support. Click Next.

Snort installation options for database selection and IPv6 enabled

Select all the components and click Next.

Choosing the Snort components for installation

Please use an installation path without any spaces; avoid paths such as "C:\Program Files". White space in paths is known to cause problems on Windows machines. Click Next.

Setting Snort root installation path to C:\Snort

Snort for Windows installation in progress

You can see the setup details by clicking the Show details button.

The details of the Snort installation for Windows

Snort installation for Windows was completed successfully

It looks like the installation was done successfully; otherwise, error(s) will be displayed on the screen. The following screenshot shows Snort's installation path and folders. If you want to uninstall Snort, run the Uninstall.exe file located in Snort's root folder.

In order to uninstall Snort for Windows, run the Uninstall.exe file

Editing the snort.conf Config File

Next, we are ready to do some basic configuration to make sure Snort can run properly without any error(s). The configuration file is snort.conf, which is located under the C:\Snort\etc folder shown below.

The Snort config file, snort.conf under the etc sub folder

Download and Install Snort Rules

Before configuring Snort, let us download the Snort rules files. In order to download Snort's rule files (and update them later on), we need to create an account (register) at Snort.org, and it is free. It is also useful in getting the Oinkmaster code to complete the Oinkmaster installation later on. After creating an account, use the credentials to log in.

Downloading the Snort rules files (registered or subscribed version) - need to register and login into Snort.org

Then, download a proper Rules file (registered-user Release), which is a free version with a delayed update release. It is better to store the compressed file under the Snort root folder so that when we uncompress the file, it will overwrite any existing folders (older files and folders).

Getting the Snort rules link at Snort.org

The Snort ruleset for registered-user release gz file

By default, Snort's rules folder is empty.

The Snort rules sub folder physical path

Use the 7-zip file compression tool to uncompress the tar/gz file. Choose the Extract Here menu, which will overwrite the existing folders and files that have the same names.

Extracting the Snort ruleset tar file

The Snort ruleset file extraction is in progress

Just overwrite the existing, older files.

Snort older ruleset file overwrite confirm page

Then, Snort's rules folder will be populated by the rule files. Take note that the .so rule files are for Linux/Unix systems.

The Snort rule files for Windows have been successfully extracted to rules sub folder

Another snort ruleset is under so_rules sub folder

Now we are ready to change the snort.conf config file just to make Snort operate properly at the most basic level. Take note that this config file was originally provided for Linux/Unix systems. Open the snort.conf file in any unformatted text editor such as Wordpad. Change the following settings:

# Path to your rules files (this can be a relative path)

# Note for Windows users:  You are advised to make this an absolute path,

# such as:  c:\snort\rules

var RULE_PATH ../rules

var SO_RULE_PATH ../so_rules

var PREPROC_RULE_PATH ../preproc_rules

To the following:

# Path to your rules files (this can be a relative path)

# Note for Windows users:  You are advised to make this an absolute path,

# such as:  c:\snort\rules

var RULE_PATH c:\snort\rules

var SO_RULE_PATH c:\snort\so_rules

var PREPROC_RULE_PATH c:\snort\preproc_rules

The Snort for Windows dynamicpreprocessor DLL files physical path

Then, add the following dynamicpreprocessor DLL files, which should match the physical files shown in the above screenshot.

###################################################

# Step #4: Configure dynamic loaded libraries.

# For more information, see Snort Manual, Configuring Snort - Dynamic Modules

###################################################

# path to dynamic preprocessor libraries

dynamicpreprocessor file C:\Snort\lib\snort_dynamicpreprocessor\sf_dce2.dll

dynamicpreprocessor file C:\Snort\lib\snort_dynamicpreprocessor\sf_dcerpc.dll

dynamicpreprocessor file C:\Snort\lib\snort_dynamicpreprocessor\sf_dns.dll

dynamicpreprocessor file C:\Snort\lib\snort_dynamicpreprocessor\sf_ftptelnet.dll

dynamicpreprocessor file C:\Snort\lib\snort_dynamicpreprocessor\sf_sdf.dll

dynamicpreprocessor file C:\Snort\lib\snort_dynamicpreprocessor\sf_smtp.dll

dynamicpreprocessor file C:\Snort\lib\snort_dynamicpreprocessor\sf_ssh.dll

dynamicpreprocessor file C:\Snort\lib\snort_dynamicpreprocessor\sf_ssl.dll

Next, add the dynamicengine path, which should also match the physical file.

# path to base preprocessor engine

# dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so

dynamicengine C:\Snort\lib\snort_dynamicengine\sf_engine.dll

The Snort dynamicengine path DLL file physical path

Next, comment out the dynamicdetection setting.

# path to dynamic rules libraries

# dynamicdetection directory /usr/local/lib/snort_dynamicrules
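The edits above all come down to one rule: every active path in snort.conf must be an absolute Windows path that matches a file or folder on disk. The following checker is an added example, not part of the original tutorial or of Snort; the function names, the sample config text and the stand-in disk contents are constructed for illustration.

```python
import ntpath
import re

# Directives this page edits in snort.conf; group 1 is the directive, group 2 the path.
DIRECTIVE = re.compile(
    r"^\s*(var\s+\w*RULE_PATH|dynamicpreprocessor\s+file|"
    r"dynamicengine|dynamicdetection\s+directory)\s+(\S+)\s*$"
)

# Constructed sample: a half-edited config with three mistakes left in it.
SAMPLE_CONF = r"""var RULE_PATH c:\snort\rules
var SO_RULE_PATH ../so_rules
# dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
dynamicengine C:\Snort\lib\snort_dynamicengine\sf_engine.dll
dynamicpreprocessor file C:\Snort\lib\snort_dynamicpreprocessor\sf_dns.dll
dynamicdetection directory /usr/local/lib/snort_dynamicrules"""

# Constructed stand-in for the disk; sf_dns.dll is deliberately absent.
PRESENT = {r"c:\snort\rules", r"c:\snort\lib\snort_dynamicengine\sf_engine.dll"}

def on_sample_disk(path):
    return path.lower() in PRESENT  # Windows paths are case-insensitive

def check_snort_conf(conf_text, exists):
    """Return (line_no, directive, path, problem) for each active path that looks wrong.

    `exists` is a callable(path) -> bool, e.g. os.path.exists on the Snort host.
    """
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out settings are not active
        m = DIRECTIVE.match(line)
        if not m:
            continue
        directive, path = " ".join(m.group(1).split()), m.group(2)
        if path.startswith("/"):
            problem = "Unix path left active"
        elif not ntpath.isabs(path):
            problem = "relative path"
        elif not exists(path):
            problem = "not found on disk"
        else:
            continue
        findings.append((line_no, directive, path, problem))
    return findings

if __name__ == "__main__":
    for finding in check_snort_conf(SAMPLE_CONF, on_sample_disk):
        print("line %d: %s %s -> %s" % finding)
```

On the Snort host, pass os.path.exists as `exists` and the contents of C:\Snort\etc\snort.conf as `conf_text`.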



Source: https://www.javaguicodexample.com/snortiisphpbaseperladodb6.html

Posted by: trappfrothe.blogspot.com
