-
Snort
I just downloaded and installed snort for Windows and am having a bit of trouble. I installed it and then ran the snort file that configures everything through the DOS prompt. It finished and said that it was complete. The problem is that there is no icon for snort anywhere to open it, and it is not listed in Task Manager as being active, but it is listed in Add/Remove Programs, so it is installed. Is there supposed to be an icon for it or some indication that it is set up and working? Is there anything that I can do to see if it logs anything? I already did a port scan and got nothing.
Any help would be appreciated.
Thanks in advance
-
Never tried to run snort in Windows, but it is probably installed as a service. For NT, check in Control Panel -> Services; for Win2k: Control Panel -> Administrative Tools -> Services...
Hope that helps,
neb
-
-
Where did you get the windows version of snort from? Is it from http://winpcap.polito.it/
-
No, I got it from http://www.snort.org/dl/binaries/ but you do need WinPcap installed to use it.
-
For Windows versions of snort try www.silicondefense.com.
-
From what I remember, you start snort from a command line.
-
I have used two versions for Windows. One uses the Windows installer and has a GUI, and the other runs from a command prompt. These are all at silicondefense under downloads.
-
-
Answer to the last question first, snort is an IDS = Intrusion
Detection System. Basically a network sniffer that has signatures
of known host and network attacks. These signatures come in the
form of rules or plug-ins each meant to look for the "signature" of
a specific attack.
Original question - definitely refer to silicondefense.com (referred to
in one of the above posts) if you will be using the Windows version.
Just installing snort will not get you all the way to where you want to
be, you need a log analyser/viewer, something to distill and make
sense of all of the alerts. I use snort with snarf to do this. silicon
defense has a great step by step to get this going. There is another
way besides command line to use snort for windows, an application
called IDSCenter - tried it, looks ok, but I prefer the snarf method.
Pretty cool stuff! The maker of snort just went commercial, selling
a preconfigured box with support if you need it.
The step by step is found under the tech support > windows snort
support area of the s.d. website.