I know I could post this at IDS forum, but I consider myself newbe in IDS and in Hacking in general so I will just post my questions here.

I need instruction (easy step by step) on installing either 'nmap' or 'snort' so that I can use it on a Windows GUI.

My personal attempt on looking for such information and trying to do it myself didnt work for the following reasons:

*most instruction I found on the web are outdated.
*Nmapwin is outdated
*Most of them consider the user as an advanced user, thus no step by step instruction.

While using Nmap on command prompt is fairly easy, I didnt have much luck with snort.

Few questions:

*What is the best Freeware IDS?
*What is the best Commercial IDS?
*Can IDS tell if a firewall is using spoofed (fake) open port? I have a friend from a differant country who has set up a box for me to play with. He says he has installed Cisco PIX firewall, which nmap found out , along with the filtered ports,instantly with the "-P0" option; but not without it. What could be the reason?

I am trying to find out if it's possible to break into a box that is firewalled, while I am sure it is possible, I am trying to learn it from ground up. I think setting up a proper IDS and getting the right information is important before I look for information for the next step.

Any help is appreciated.


ps, So many questions........... So much to learn!!