How to Set Up and Configure Snort on Windows Server OS
Snort is open-source software that can detect and prevent intrusions on both Linux and Windows.
Install Required Software
WinPcap
The first step is to install WinPcap, the driver Snort uses for packet sniffing. Visit the WinPcap website for download and installation instructions.
Installing WinPcap is simple: run the installer and restart your computer once it has finished.
Install Snort
Snort is available for download from Snort.org.
Download and execute the latest Snort Windows installation package. You will need to run this program as an administrator. Follow the instructions and recommendations on Snort.org for the optimal installation.
Modify Snort Configuration
We need to change some values in the c:\snort\etc\snort.conf file.
Open snort.conf in a text editor and find the lines shown below:
var RULE_PATH ../rules
var PREPROC_RULE_PATH ../preproc_rules
Once you find these lines, modify them to reflect our default install path (c:\snort) as seen below:
var RULE_PATH c:\snort\rules
var PREPROC_RULE_PATH c:\snort\preproc_rules
Save and close the file.
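The same edit can be scripted so it is repeatable and leaves a backup. This is an added example, not part of the original article; it assumes the default install path c:\snort used above and an elevated PowerShell session.

```powershell
# Added example: paths follow the article's default install (c:\snort).
$SnortRoot = 'C:\Snort'
$ConfPath  = Join-Path $SnortRoot 'etc\snort.conf'

# The two variables the article changes, mapped to their absolute targets.
$Targets = [ordered]@{
    'RULE_PATH'         = Join-Path $SnortRoot 'rules'
    'PREPROC_RULE_PATH' = Join-Path $SnortRoot 'preproc_rules'
}

# Keep a timestamped copy so the edit can be rolled back.
$Backup = "$ConfPath.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
Copy-Item -LiteralPath $ConfPath -Destination $Backup

$Lines = Get-Content -LiteralPath $ConfPath
foreach ($Name in $Targets.Keys) {
    # Anchored so RULE_PATH does not also match PREPROC_RULE_PATH.
    $Pattern = "^\s*var\s+$Name\s+.*$"
    $Hits = @($Lines | Where-Object { $_ -match $Pattern })
    if ($Hits.Count -ne 1) {
        throw "Expected exactly one 'var $Name' line, found $($Hits.Count)"
    }
    # A missing directory means the rule includes in snort.conf cannot resolve.
    if (-not (Test-Path -LiteralPath $Targets[$Name] -PathType Container)) {
        Write-Warning "$($Targets[$Name]) does not exist; rule includes will fail"
    }
    $New = "var $Name $($Targets[$Name])"
    $Lines = $Lines | ForEach-Object { if ($_ -match $Pattern) { $New } else { $_ } }
}
# ASCII output avoids a byte-order mark at the start of the file.
Set-Content -LiteralPath $ConfPath -Value $Lines -Encoding Ascii

# Print the two resulting lines for review.
Select-String -LiteralPath $ConfPath -Pattern '^\s*var\s+(PREPROC_)?RULE_PATH\s'
```

Running it a second time rewrites the same two lines to the same values, so it is safe to re-run after a reinstall.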
Test Your Installation
Open a command prompt as Administrator, cd to the "C:\Snort\Bin" directory and run "snort.exe -W" to see a list of interfaces available to Snort.
Start Snort
Execute the following command in the command prompt to start sniffing packets. The number after -i is the interface index shown in the "snort.exe -W" list:
snort.exe -i 1 -vd
Common Snort Commands
Here are some common Snort Windows commands to get you started:
cd c:\snort\bin
-W – lists the network devices available to capture from
-d – dumps the application-layer data of captured packets
-l – logs the captures to the directory given after it
-K ascii – writes the logged captures in ASCII format
Snort offers a manual for installing and configuring the program.