Snort mailing list archives

Re: Snort-installation.


From: J Doe <general () nativemethods com>
Date: Fri, 19 May 2017 20:20:25 -0400


On May 19, 2017, at 5:38 PM, Brian <brianhansen789 () gmail com> wrote:

Hello everyone!
I am having trouble with my Snort installation.
It can't be successful, because of the need for "wincap 4.1.1".
But I have wincap on my PC, and a little screen window tells me the same.
I have tried to overwrite the existing wincap on my PC, but still no 
progress.
Can someone give me a hint to successfully complete my Snort installation?

Last question....
As I understand the "snort-universe" - I need to install (using my 
"oinkcode") some of the packages like "Daemonlogger", "OfficeCat" or/and 
some "Rules" to get the Snort install working correctly
- Am I right or lost.... :0) ???

Best regards
Brian Hansen, Denmark

Hi Brian,

I believe you are referring to WinPcap [1].  WinPcap is a Windows driver that provides libpcap style support for 
Windows hosts (libpcap is used by Snort to retrieve network traffic).

You don't really want to overwrite any existing installation of it.  Instead, use Add/Remove to uninstall the existing 
package, which will uninstall the driver.  Next, download and install the most recent version of WinPcap.  I would also 
recommend rebooting your Windows host once the new driver is installed.

To test WinPcap you can download and try WinDump [2].  This is the Windows equivalent of tcpdump.

In terms of rules [3], there are the Talos community rules (free), the Talos commercial rules ($29/year for personal 
use, see Snort website for commercial fees), Emerging Threats (community sourced rule set), as well as rules you 
write yourself.

Your Oinkcode is involved in getting the Talos community rules - I'd start with that.  You must register to receive 
your Oinkcode.

Keep in mind that you will also need to modify snort.conf to customize what you are monitoring, what portions of Snort 
are running, etc.

Daemonlogger is not mandatory.  To start off with I would recommend just parsing the snort log file (or running it as: 
tail -f log), to test it with some attack traffic and ensure that the rules you want are firing.  You can choose to do 
logging to a syslog-style implementation on Windows, write data to SQL data stores and so forth once you're comfortable 
with Snort.

HTH,

- J

Sources:
[1] https://www.winpcap.org/default.htm
[2] https://www.winpcap.org/windump/default.htm
[3] https://www.snort.org/downloads/#rule-downloads
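J's advice to parse the Snort log and confirm that the rules you want are actually firing can be scripted. The following is an added example, not code from the thread or from the Snort project: it parses Snort's one-line alert_fast output and reports which of a set of expected (gid, sid) pairs never fired during a test. The sample alert lines, the local SIDs and the addresses are constructed.

```python
import re
from collections import Counter

# One line of Snort's alert_fast output. Classification is optional, and ICMP lines carry bare addresses.
ALERT_FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample lines: hypothetical local SIDs in the 1000000+ range, RFC 5737 test addresses.
SAMPLE_ALERTS = """\
05/19-20:20:25.123456  [**] [1:1000001:1] LOCAL TEST id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.5:80 -> 192.0.2.10:51234
05/19-20:20:26.000100  [**] [1:1000001:1] LOCAL TEST id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.5:80 -> 192.0.2.10:51235
05/19-20:20:27.500000  [**] [1:1000002:3] LOCAL TEST ICMP echo from outside [**] [Priority: 3] {ICMP} 203.0.113.9 -> 192.0.2.10
this line is not an alert and must be reported, not silently dropped
"""

def split_endpoint(ep):
    """'203.0.113.5:80' -> ('203.0.113.5', 80); a bare address -> (addr, None)."""
    host, sep, port = ep.rpartition(":")
    return (host, int(port)) if sep and port.isdigit() else (ep, None)

def parse_alert_line(line):
    """Return a dict for one alert_fast line, or None if the line is not an alert."""
    m = ALERT_FAST_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {"ts": d["ts"], "gid": int(d["gid"]), "sid": int(d["sid"]),
            "rev": int(d["rev"]), "msg": d["msg"], "classification": d["cls"],
            "priority": int(d["prio"]), "proto": d["proto"],
            "src": split_endpoint(d["src"]), "dst": split_endpoint(d["dst"])}

def check_rules_fired(lines, expected):
    """Count alerts per (gid, sid); list expected rules that never fired and lines that did not parse."""
    counts, unparsed = Counter(), []
    for line in lines:
        rec = parse_alert_line(line)
        if rec is None:
            if line.strip():
                unparsed.append(line)
            continue
        counts[(rec["gid"], rec["sid"])] += 1
    missing = sorted(key for key in expected if counts[key] == 0)
    return counts, missing, unparsed
```

Run it over the real alert file with `open("alert").read().splitlines()` and the (gid, sid) pairs of the rules you expect your test traffic to trigger; anything in the unparsed list means the log is not in alert_fast format or the regex needs adjusting for your Snort build.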