how to get windows xp snort ids installed properly

pretorian2k

whos the ids snort master

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Plantwiz

pretorian2k wrote:

whos the ids snort master

Funny I was just reading a post about a similar post elsewhere last night....

Have you tried the Snort Forums?

keatron

I deploy and use snort, but only in a linux environment my friend, so I wouldn't be able to help you with the Windows XP setup.

Webmaster

No Snort master as you requested, but this should get you started (though there is more to it):

1. Download Snort from:
www.snort.org/dl/binaries/win32/

2. Install by running the download .exe

3. Download and install WinPcap 3.0 (sniffer):
http://winpcap.polito.it/install/default.htm

4. Download and install LibnetNT Drivers (required for advanced funtionality only, i.e. injection of TCP reset packets)
www.eeye.com/html/Research/Tools/libnetnt.html

5. Go to command line (Start, Run, cmd) and navigate to the Bin folder inside the Snort installation

folder (i.e. c:\snort\bin)

6. Run snort.exe to check parameters

7. Run snort.exe /SERVICE /INSTALL with desired options
(i.e. assign interface, log dir (required, set to c:\snort\log\ for example) /file, log type)
You don't need to install it as a service btw (i.e. leave out /service /install)

8. After the installation you can find a faq.pdf in the snort\doc\ folder, check out the section How to start Snort as a win32 service?

9. Download and install IDS Policy Manager For Windows 2000/XP (since your running it on Windows, why not use a GUI for the rules

)
www.activeworx.org/programs/idspm/

10. Have fun!