Snort mailing list archives

Snort 2.1.x support on Win32


From: "Koski, Brian" <bkoski () ci citrus-heights ca us>
Date: Tue, 15 Jun 2004 16:08:26 -0700

 
FYI - for some of you having issues with the newer versions of Snort on
Win2k/XP...
 
1) Make sure you have installed WinPcap v3.0
 
2) If you updated Snort, i.e. to 2.1.2 or 2.1.3 from earlier versions, you
need to use the new snort.conf file and remodify it. There are changes
in the file - such as http_decode is now http_inspect:
 
preprocessor http_inspect: global \
    iis_unicode_map unicode.map 1252 
 
preprocessor http_inspect_server: server default \
    profile all ports { 80 8080 8180 } oversize_dir_length 500

... the snort test will balk at the "global" if you don't reconfigure
for this; also make sure you have the unicode.map file in the path.
(Best approach I have found is to turn off http_decode in IDSCenter and
edit/add the appropriate http_inspect parameters). Refer to the new
Snort documentation.
 
 
3) IDSCenterRC4 DOES run with Snort 2.1.3... IF you don't reload your
old pre-2.1.x config (see above).
 
Hope this helps.
 
Brian Koski
Principal I.T.  Analyst
City of Citrus Heights
Work: 916-727-4735
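
Added example (not part of the original post, and not Snort or IDSCenter code): a Python check for the snort.conf change described in point 2. It flags a leftover http_decode line, a missing http_inspect global or http_inspect_server line, and an iis_unicode_map file that is not present. The sample configs are constructed, and looking for a relative map path beside snort.conf is an assumption.

```python
import re, tempfile
from pathlib import Path

# Constructed samples: an old-style config, and the two lines quoted in the post.
OLD_CONF = "preprocessor http_decode: 80 unicode iis_alt_unicode\n"
NEW_CONF = ("preprocessor http_inspect: global \\\n"
            "    iis_unicode_map unicode.map 1252\n"
            "preprocessor http_inspect_server: server default \\\n"
            "    profile all ports { 80 8080 8180 } oversize_dir_length 500\n")

def logical_lines(text):
    """Join backslash-continued lines; skip blank lines and # comments."""
    for line in re.sub(r"\\[ \t]*\r?\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def check_conf(conf_path):
    """Return findings about the http_decode -> http_inspect change."""
    conf_path = Path(conf_path)
    findings, seen = [], set()
    for line in logical_lines(conf_path.read_text(encoding="latin-1")):
        m = re.match(r"preprocessor\s+(\w+)\s*:?\s*(.*)", line)
        name, args = m.groups() if m else ("", "")
        if name == "http_decode":
            findings.append("http_decode is still configured")
        elif name == "http_inspect" and args.split()[:1] == ["global"]:
            seen.add("http_inspect: global")
            um = re.search(r"iis_unicode_map\s+(\S+)", args)
            # Assumption: a relative map path is looked up beside snort.conf.
            if um is None:
                findings.append("http_inspect global lacks iis_unicode_map")
            elif not (conf_path.parent / um.group(1)).is_file():
                findings.append("map file not found: " + um.group(1))
        elif name == "http_inspect_server":
            seen.add("http_inspect_server")
    for key in ("http_inspect: global", "http_inspect_server"):
        if key not in seen:
            findings.append("missing 'preprocessor " + key + "'")
    return findings

def run_sample(conf_text, with_map):
    """Check a constructed config in a temp dir, with or without unicode.map."""
    with tempfile.TemporaryDirectory() as d:
        if with_map:
            Path(d, "unicode.map").touch()
        conf = Path(d, "snort.conf")
        conf.write_text(conf_text)
        return check_conf(conf)
```

Call check_conf() with the path to your own snort.conf; an empty list means none of the three problems was found.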
 
