Snort mailing list archives

Re: Finding a Win32 Snort


From: Roelof JT Jonkman <roel () SiliconDefense com>
Date: Mon, 11 Mar 2002 13:39:21 -0800

Richard,

I looked at the IDScenter config panels today after installing on Win2K.
It seems there is no socket logging facility available thru IDScenter.
(i.e. like snort -A unsock ...)

I don't have a Windows box handy to verify the following, however I scanned
the source code quickly, and near as I know Snort on Windows should be able to
use the unsock logging facility.

Would I need to use command line to use a socket program to capture 
packet data?
My guess is that IDScenter doesn't have the unsock facility as an option.
I checked with Michael, and concluded that Snort on Windows has the
unsock alert facility. You need to make sure you create a pipe by
the name of snort_alert (grep UNSOCK_FILE snort.h) that Snort can
write to.

Hope this helps.

Roel Jonkman
Security Engineer
http://www.SiliconDefense.com
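
Added example (not part of the original post and not Snort's own code): a minimal listener for the unsock alert facility discussed above, written for a Unix host. It assumes Snort sends each alert as one datagram to a Unix-domain socket named snort_alert in its log directory, and that the datagram begins with a NUL-padded message field of 256 bytes (check ALERTMSG_LENGTH in the Snort source for your version); the function names and the log directory path are hypothetical.

```python
import os
import socket

SOCKET_NAME = "snort_alert"   # name given in the post (UNSOCK_FILE)
ALERTMSG_LENGTH = 256         # assumption: size of the leading message field


def open_alert_socket(log_dir):
    """Create the datagram socket that `snort -A unsock` writes to."""
    path = os.path.join(log_dir, SOCKET_NAME)
    if os.path.exists(path):
        os.unlink(path)       # a stale socket file makes bind() fail
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    # Create the socket file owner-only, so no other local user can
    # inject fake alerts; Snort must then run as the same user.
    old_umask = os.umask(0o177)
    try:
        sock.bind(path)
    finally:
        os.umask(old_umask)
    return sock, path


def alert_message(datagram):
    """Return the alert text from the start of one datagram."""
    if len(datagram) < ALERTMSG_LENGTH:
        raise ValueError("datagram shorter than the message field")
    field = datagram[:ALERTMSG_LENGTH]
    # The field is a C string: keep everything before the first NUL.
    return field.split(b"\0", 1)[0].decode("ascii", "replace")


def listen(log_dir):
    """Print alert messages until interrupted."""
    sock, path = open_alert_socket(log_dir)
    try:
        while True:
            data = sock.recv(65535)   # one alert per datagram (assumption)
            try:
                print(alert_message(data))
            except ValueError as exc:
                print("skipped malformed datagram:", exc)
    finally:
        sock.close()
        os.unlink(path)


if __name__ == "__main__":
    listen("/var/log/snort")  # hypothetical log directory
```

Start the listener before Snort, since the socket has to exist when Snort opens it.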

