Snort mailing list archives

Re: Windows support


From: "Michael Steele" <michaels () winsnort com>
Date: Sun, 12 Aug 2007 10:54:00 -0400

Dr. Govindavajhala,
 
Welcome to the unique world of Snort and Intrusion Detection.
 
What you are requesting is fairly simple to explain.
 
1) After installing WinPcap and Snort, use the -W switch to gather all the
information on the existing interfaces. The display will list them in
numerical order. You will need to use the number in your Snort run line in
order for Snort to properly link that interface.
 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
D:\win-ids\snort\bin>snort -W
 
   ,,_     -*> Snort! <*-
  o"  )~   Version 2.7.0-ODBC-MySQL-FlexRESP-WIN32 (Build 35)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/team.html
           (C) Copyright 1998-2007 Sourcefire Inc., et al.
 
 
Interface       Device          Description
-------------------------------------------
1  \Device\NPF_GenericDialupAdapter (Adapter for generic dialup and VPN capture)
2  \Device\NPF_{1CE13DC9-604B-4499-8A4D-0B05CD65B717} (VMware Accelerated AMD PCNet Adapter (Microsoft's Packet Scheduler) )
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 
An example would be: snort -v -i2
 
The above example would run Snort in verbose mode on adapter 2.
 
Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
****************** Established ~ 2001 *******************
*          Visit Us @ http://www.winsnort.com           *
*      ~~ FREE WinIDS Snort installation guides ~~      *
*               ~~ FREE support forums ~~               *
* Snort: Open Source Network IDS - http://www.snort.org *
*********************************************************
 
 
From: snort-users-bounces () lists sourceforge net
[mailto:snort-users-bounces () lists sourceforge net] On Behalf Of sudhakar
govindavajhala
Sent: Saturday, August 11, 2007 9:37 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Windows support
 

Hello all,

I am a newbie to Snort.  How well is Snort supported on Windows?

I am able to run Snort in Linux.  But, I am not able to make it run on
Windows. The problem is that I am not able to tell Snort which interface to
use using the -i switch.  How do I figure out the interface name in Windows?
Windows shows "Wireless Network Connection 1", "Wireless Network Connection
2", etc. while I should be saying something like wnc1, wnc2, eth0, eth1,
ppp0, etc. 


How do I get the name of the interface in Windows that I can pass on to
Snort?  How is Windows support in Snort?


Thank you,
Sudhakar


Dr. Sudhakar Govindavajhala
Researcher, Princeton University 
http://www.cs.princeton.edu/~sudhakar/
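
The following Python example is added here and is not from the thread or the Snort project. It parses a `snort -W` listing like the one quoted in the reply, rejoins descriptions that were wrapped onto a second line, and builds the `-i<number>` argument for the one adapter whose description matches. The function names and the sample listing (with a placeholder GUID) are constructed for illustration.

```python
import re

# Constructed sample modelled on the `snort -W` listing quoted in the reply,
# including descriptions wrapped onto a second line by a mail client.
SAMPLE = r"""
Interface       Device          Description
-------------------------------------------
1  \Device\NPF_GenericDialupAdapter (Adapter for generic dialup and VPN
capture)
2  \Device\NPF_{00000000-0000-0000-0000-000000000000} (Example Ethernet
Adapter (Microsoft's Packet Scheduler) )
"""

# A table row: interface number, WinPcap device name, start of description.
ROW = re.compile(r"^\s*(\d+)\s+(\\Device\\NPF_\S+)\s*(.*)$")

def parse_interfaces(text):
    """Return [(index, device, description)] from `snort -W` output."""
    rows, in_table = [], False
    for line in text.splitlines():
        if set(line.strip()) == {"-"}:       # dashed rule: table starts below
            in_table = True
            continue
        if not in_table or not line.strip():
            continue                         # banner text or blank line
        m = ROW.match(line)
        if m:
            rows.append([int(m.group(1)), m.group(2), m.group(3).strip()])
        elif rows:                           # continuation of a wrapped row
            rows[-1][2] = (rows[-1][2] + " " + line.strip()).strip()
    return [tuple(r) for r in rows]

def snort_args(text, wanted, extra=("-v",)):
    """Build a Snort argument list for the one adapter matching `wanted`."""
    hits = [r for r in parse_interfaces(text) if wanted.lower() in r[2].lower()]
    if len(hits) != 1:                       # refuse to guess: wrong NIC = blind sensor
        raise LookupError(f"{len(hits)} adapters match {wanted!r}")
    return ["snort", *extra, f"-i{hits[0][0]}"]

if __name__ == "__main__":
    for idx, dev, desc in parse_interfaces(SAMPLE):
        print(idx, dev, desc)
    print(" ".join(snort_args(SAMPLE, "ethernet")))
```

Matching on the description rather than hard-coding the number matters because the number is only a position in the list Snort prints, and that list can change when adapters are added or removed.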