Intrusion Detection and Response

Wenhang Lu

Install and configure Snort

Hi guys,

I finally got my snort working. We have to use the Registered version of snort rules from Snort website. If you are using latest version of Snort then you will need to download  snortrules-snapshot-2982.tar.gz  rules

 

Snort Setup Instructions:

1. Download and install Snort version 2.9.8.2 exe

2. Sign in to Snort website and download rules ( snortrules-snapshot-2982.tar.gz ) under Rules -> Registered section

3. Extract the rules file ( snortrules-snapshot-2982.tar.gz ) using Winrar or 7-Zip

4. Copy all files from the extracted snortrules-snapshot-2982 folder to your Snort installation folder C:\Snort\  

                       NOTE: Overwrite any existing files

5. Edit your snort.conf file located in c:\snort\etc\ to your windows path

                      Here is my modified: snort.conf

6. Find your wireless/Ethernet interface # by typing: route print at the command prompt

7. Open a command prompt (cmd.exe) and navigate to folder “C:\Snort\bin” folder. ( at the Prompt, type cd c:\snort\bin )

8. To run snort enter the following command:

          snort -c c:\snort\etc\snort.conf -l c:\snort\log -i 4

Note:  My wireless interface # is 4

 

command