Snort Problem (Alert.ids)


aj67my
September 29th, 2002, 02:23 AM
I finally managed to get snort installed and running on my Windows 98 SE box.

The file Alert.ids was created and placed in the directory:

C:\Inetpub\wwwroot\Logs\


C:\snort\snort -W

Note: snort was installed in C:\Snort. But there were no bin directories created.

Snort displayed the available network adapters:

My PCI ethernet card was shown to be on fe100 as the first adapter.

C:\snort\snort -c c:\snort\snort.conf -l c:\Inetpub\wwwroot\Logs i1

Snort.exe was found in my C:\snort directory, NOT c:\snort\bin\ as c:\snort\bin was not created during install.

So I get stuff:

Initializeing network interface fe100

Initializeing snort
....
.
...
.
Initialization complete.

I then checked to see if alert.ids was created. It was, so I opened it with Notepad, and it was empty.

Can someone tell me why it is not logging to alert.ids? I did open a few web sites before looking at alert.ids.

t2k2
September 29th, 2002, 11:11 AM
I played a little with snort for Windows, and I think that I initially had the same problem. Double-check to make sure your rules are configured properly in snort.conf, assuming that's where your rules are being pulled from.
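One way to run the check suggested above, as an added example that is not part of the original posts: it walks a snort.conf, expands `var` references in `include` lines, and reports rule files that are missing, commented out, or contain no active rules. The function name `audit_snort_conf`, the sample config and the sample rule are constructed for illustration, and the script assumes the classic `var NAME value` / `include path` syntax.

```python
import re
RULE_ACTIONS = ("alert", "log", "pass", "activate", "dynamic")

def audit_snort_conf(conf_text, read_file):
    """Return ({rule_file: active_count}, [problems]); read_file(path) gives text or None."""
    variables, report, problems = {}, {}, []
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 2)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or commented-out directive
        if parts[0] == "var" and len(parts) == 3:
            variables[parts[1]] = parts[2]
        elif parts[0] == "include" and len(parts) >= 2:
            # Expand $NAME references using the vars defined so far.
            path = re.sub(r"\$(\w+)",
                          lambda m: variables.get(m.group(1), m.group(0)),
                          raw.strip().split(None, 1)[1])
            if not path.endswith(".rules"):
                continue  # e.g. classification.config holds no rules
            if "$" in path:
                problems.append(f"undefined variable in include: {path}")
                continue
            text = read_file(path)
            if text is None:
                problems.append(f"rule file not found: {path}")
                continue
            # A rule is active when its first token is a rule action.
            active = sum(1 for l in text.splitlines()
                         if (l.split() or [""])[0] in RULE_ACTIONS)
            report[path] = active
            if active == 0:
                problems.append(f"no active rules in: {path}")
    if not report:
        problems.append("no rule files are included")
    return report, problems

# Constructed sample input (not taken from the thread).
SAMPLE_CONF = r"""
var RULE_PATH c:\snort\rules
include classification.config
include $RULE_PATH/web-misc.rules
include $RULE_PATH/icmp.rules
# include $RULE_PATH/scan.rules
include $RULES/local.rules
"""
RULE = 'alert tcp any any -> any 80 (msg:"constructed sample"; sid:1000001;)\n'
SAMPLE_FILES = {
    r"c:\snort\rules/web-misc.rules": RULE,
    r"c:\snort\rules/icmp.rules": "# " + RULE,  # rule present but disabled
}
```

Against a real install, pass a `read_file` that opens the path from disk and returns `None` when the file does not exist.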

aj67my
October 1st, 2002, 12:30 PM
I just downloaded a program called snot. This is supposed to generate alerts with the preprocessor stream4 turned off.

But when I ran it, I mistakenly used the subnet mask 24 on my IP instead of the more specific 31. I sent 5 random packets with a max delay of 10 seconds. I noticed it did not send them to me. I specified 24.x.x.x/24 where 24.x.x.x is my IP address. But now I realize that will target a bunch of computers.

I am worried that with the 5 packets I sent to random hosts, I could get into legal trouble.

I guess if anyone asks, I could explain what happened, but I would prefer not to have a visitor late at night knocking at my door.

Can anyone tell me if I have anything to worry about?