Snort mailing list archives
Re: Snort-installation.
From: J Doe <general () nativemethods com>
Date: Fri, 19 May 2017 20:20:25 -0400
On May 19, 2017, at 5:38 PM, Brian <brianhansen789 () gmail com> wrote:

Hallo everyone! I am having trouble with my snort-installation. It can't be successful, because of the need for "wincap 4.1.1". But I have wincap on my PC, and a little screen-window tells me the same. I have tried to overwrite the existing wincap on my PC, but still no progress. Can someone give me a hint to successfully complete my snort-installation?

Last question.... As I understand the "snort-universe" - I need to install (using my "oinkcode") some of the packages like "Daemonlogger", "OfficeCat" and/or some "Rules" to get the Snort-install working correctly - Am I right or lost.... :0) ???

Best regards
Brian Hansen, Denmark
Hi Brian,

I believe you are referring to WinPcap [1]. WinPcap is a Windows driver that provides libpcap-style support for Windows hosts (libpcap is used by Snort to retrieve network traffic). You don't really want to overwrite any existing installation of it. Instead, use Add/Remove to uninstall the existing package, which will uninstall the driver. Next, download and install the most recent version of WinPcap. I would also recommend rebooting your Windows host once the new driver is installed. To test WinPcap you can download and try WinDump [2]. This is the Windows equivalent of tcpdump.

In terms of rules [3], there are the Talos community rules (free), the Talos commercial rules ($29/year for personal use, see the Snort website for commercial fees), Emerging Threats (community-sourced rule set), as well as the rules you can write yourself. Your Oinkcode is involved in getting the Talos community rules - I'd start with that. You must register to receive your Oinkcode.

Keep in mind that you will also need to modify snort.conf to customize what you are monitoring, what portions of Snort are running, etc. Daemonlogger is not mandatory.

To start off with I would recommend just parsing the snort log file (or running it as: tail -f log), to test it with some attack traffic and ensure that the rules you want are firing. You can choose to do logging to a syslog-style implementation on Windows, write data to SQL data stores and so forth once you're comfortable with Snort.

HTH,
- J

Sources:
[1] https://www.winpcap.org/default.htm
[2] https://www.winpcap.org/windump/default.htm
[3] https://www.snort.org/downloads/#rule-downloads
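One way to do the check J describes (confirming that the rules you expect are actually firing) is to parse Snort's alert_fast output and count alerts per rule ID. This is an added example, not code from the thread or from the Snort project; the alert lines and the local-rule SIDs in the 1000000+ range are constructed for the demonstration.

```python
import re
from collections import Counter

# Snort "alert_fast" writes one alert per line:
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: N] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

# Constructed sample log, as Snort might write it after sending test traffic
# that matches two hypothetical local rules (SIDs 1000001 and 1000002).
SAMPLE_ALERTS = """\
05/19-20:21:03.482113  [**] [1:1000001:1] LOCAL TEST ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.10 -> 192.168.1.20
05/19-20:21:05.110932  [**] [1:1000001:1] LOCAL TEST ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.10 -> 192.168.1.20
05/19-20:21:09.007781  [**] [1:1000002:2] LOCAL TEST http cmd.exe request [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.168.1.10:50412 -> 192.168.1.20:80
this line is not an alert and is skipped
"""


def parse_alerts(text):
    """Yield one dict per well-formed alert_fast line; ignore anything else."""
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            yield m.groupdict()


def count_by_rule(text):
    """Map 'gid:sid' -> number of times that rule fired."""
    return Counter(f"{a['gid']}:{a['sid']}" for a in parse_alerts(text))


def rules_not_fired(text, expected):
    """Return the expected 'gid:sid' keys that never appear in the log."""
    fired = count_by_rule(text)
    return sorted(set(expected) - set(fired))


if __name__ == "__main__":
    print(dict(count_by_rule(SAMPLE_ALERTS)))
    print(rules_not_fired(SAMPLE_ALERTS, ["1:1000001", "1:1000002", "1:1000003"]))
```

Point it at the real alert file (e.g. the output of tail -f) instead of SAMPLE_ALERTS, and pass the SIDs of the rules you wrote or enabled; anything returned by rules_not_fired did not trigger on your test traffic.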