[Snort-users] Newbie Alert!

Ian Campbell ianc at ...1500...
Wed Mar 7 17:46:34 EST 2001

Hello all, and sorry for this basic plea. I hope you won't shower and
besplatter me too heavily with your derision...

I've searched around www.snort.org for just a basic faq on getting started
etc, but didn't come up with much, so...

I'd like to play with a Snort box here at the office to monitor our internet
connection outside the firewall. Since I know nothing about *nix, I'd like
to do this on NT, so I downloaded the Win32 port and pcaplib, begged an
intel box off my boss, and am ready to get started. Based on some of the
posts I've read here, I was thinking about putting two NICs in the box and
connecting one to my internal LAN, and connecting the other (without IP
address) to the hub between our IA router and FW. Does this sound like a
recommended configuration in terms of security, etc?

I plan to strip the NT OS down before installing this stuff in the same
manner as one would prior to installing, say, a Checkpoint FW on NT. I just
want to dink around with it a little before attempting anything wild like
logging to a DB, or installing preprocessors, etc.

Can anyone just tell a poor novitiate if he's on the right track and offer
some commentary, or point me to a 'getting started' faq somewhere
(preferably with the emphasis on NT) that I could take a look at before
jumping in. Thanks and be gentle,

