How to Set up and configure Snort on Windows Server OS


Snort is an open-source intrusion detection and prevention system that runs on both Linux and Windows.

Install Required Software

WinPcap

The first step is to install WinPcap, the driver used for packet sniffing. Visit the WinPcap website for download and installation instructions.

Installing WinPcap is simple: run the installer and restart your computer once it has finished.

Install Snort

Snort is available for download from Snort.org.

Download and execute the latest Snort Windows installation package. You will need to run the installer as an administrator. Follow the instructions and recommendations on Snort.org for the optimal installation.

Modify Snort Configuration

We need to change some values in the c:\snort\etc\snort.conf file.
Open snort.conf in a text editor and find the following lines:

var RULE_PATH ../rules
var PREPROC_RULE_PATH ../preproc_rules

Once you find these lines, modify them to reflect the default install path (c:\snort), as shown below:

var RULE_PATH c:\snort\rules
var PREPROC_RULE_PATH c:\snort\preproc_rules

Save and close the file.

Test Your Installation

Open a command prompt as Administrator, cd to the "C:\Snort\Bin" directory and run "snort.exe -W" to see a list of interfaces available to Snort. The index number shown next to each interface is the value to pass to the -i option.
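
The snort.conf change above, followed by a parse check of the edited file, as an added PowerShell example that is not part of the original article or the Snort project. It assumes the article's default install path c:\snort and interface index 1; -T (test the configuration and exit) and -c (configuration file) are Snort options the article itself does not cover.

```powershell
# Added example: not from the original article or the Snort project.
# Assumes the article's default install path c:\snort; run as Administrator.
$SnortRoot = 'c:\snort'
$Conf      = Join-Path $SnortRoot 'etc\snort.conf'
$Exe       = Join-Path $SnortRoot 'bin\snort.exe'
$Interface = 1   # assumption: index taken from "snort.exe -W", as in the article

# The two variables the article changes, mapped to their Windows paths.
$Paths = [ordered]@{
    RULE_PATH         = Join-Path $SnortRoot 'rules'
    PREPROC_RULE_PATH = Join-Path $SnortRoot 'preproc_rules'
}

# Keep a timestamped backup so the edit can be reverted.
$Backup = "$Conf.$(Get-Date -Format yyyyMMddHHmmss).bak"
Copy-Item -LiteralPath $Conf -Destination $Backup

$lines = Get-Content -LiteralPath $Conf
foreach ($name in $Paths.Keys) {
    # Match only an uncommented "var NAME <value>" line.
    $pattern = "^\s*var\s+$name\s+.*$"
    if (-not ($lines -match $pattern)) {
        throw "No 'var $name' line found in $Conf"
    }
    if (-not (Test-Path -LiteralPath $Paths[$name] -PathType Container)) {
        Write-Warning "$($Paths[$name]) does not exist; rules under it will not load"
    }
    $new   = "var $name $($Paths[$name])"
    $lines = $lines | ForEach-Object { if ($_ -match $pattern) { $new } else { $_ } }
}
Set-Content -LiteralPath $Conf -Value $lines -Encoding ASCII

# -T makes Snort parse the configuration and exit instead of sniffing,
# so a bad path or syntax error shows up before the sensor is relied on.
& $Exe -T -c $Conf -i $Interface
if ($LASTEXITCODE -ne 0) {
    Write-Error "snort -T failed (exit $LASTEXITCODE); backup is at $Backup"
} else {
    Write-Output "Configuration parsed cleanly: $Conf"
}
```

If the test run reports an error, the message names the line in snort.conf that Snort could not process.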

Start Snort

Execute the following command in the command prompt to start sniffing packets on interface 1 (use the index of your own interface from the -W list):

snort.exe -i 1 -vd

Common Snort Commands

Here are some common Snort options on Windows to get you started. Run them from the Snort bin directory:

cd c:\snort\bin

-W – lists the network devices available to capture from

-d – dumps the application-layer data of captured packets

-l – logs the captures to the directory given after it

-K ascii – writes the log in ASCII format

Snort offers a manual for installing and configuring the program.
