[Snort-users] Win32 Port of Snort

Chris Reid Chris.Reid at ...2817...
Mon May 20 14:15:02 EDT 2002


I've added support for proper Win32 services in snort 1.9 (without any
dependency on srvany, etc).  This has already been added to CVS (as of
mid-March 2002).  Michael Steele is in the final stages of back-porting this
functionality to 1.8.  I'm not sure about when/if he plans on releasing this
functionality -- you'd have to check with him.

The '-l' switch is not used for the Win32 service in snort 1.9.  Other
command-line parameters are used instead.  Get the 1.9 source code from CVS
to see this functionality.

Chris Reid


----- Original Message -----
From: "McCammon, Keith" <Keith.McCammon at ...3497...>
To: "Michael J Worden" <mjworden at ...2784...>;
<snort-users at lists.sourceforge.net>
Sent: Monday, May 20, 2002 2:25 PM
Subject: RE: [Snort-users] Win32 Port of Snort


Not sure about 1, but as far as 2 is concerned, just deactivate (un-check)
TCP/IP on your monitoring interface within the network connection
properties.

-----Original Message-----
From: Michael J Worden [mailto:mjworden at ...2784...]
Sent: Monday, May 20, 2002 4:04 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Win32 Port of Snort





I'm in the process of comparing the functionality of Snort for Win32 (on
Windows 2000) with the versions I've been running on Linux for some time.
I'm finding Snort on Win32 almost useable with a few exceptions (of course,
I'm just getting started...):

My two big questions are:

1)  Is the ability to run as a service lost in the current version?  In the
faq, this has been added as of snort-1.6.3-patch2.  But the '-I' switch is
now allocated to a different function.  (Yes, I know about the 'srvany.exe'
option.  I've not had great experiences with srvany, and would like to
avoid it).

2)  Is there an option to forego the IP address on a Windows 2000
interface?  I'd like to avoid having my promiscuous mode adapter being
addressable.


Thanks in advance...


--
Michael Worden



_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users






More information about the Snort-users mailing list