[Snort-users] Win32 Port of Snort

Michael Steele michaels at ...155...
Mon May 20 21:48:01 EDT 2002


Michael,

I am currently looking at the code and getting ready to incorporate it
into the 1.87bxxx version of Snort. Hopefully I'll have a release
version ready very soon. If can leave me an email if you are interested
in trying it out before I release it.

As far as the INSTSRV file from Microsoft; it has been working
flawlessly here. I know some users are having problems and that may be
related to other factors that our machine has not been made visible too.
Our Windows box is ONLY a sensor and we run nothing else. It has also
been extensively hardened, which may be another reason why it has
virtually no problems in our test environment. I am looking forward to
getting a built-in way to run Snort as a service.

In response to item 2; this is the way we do it here for promiscuous
mode.

Do a Snort -W and get the number and ID of the interface that you want
to run with no IP.

Start the registry editor (Regedit) 

Move to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\In
terfaces 

Select the required interface using the ID that you got using the -W
switch
 
Note: there are to keys for each interface, be sure to place the
IPAutoconfigurationEnabled into the proper registry setting. It will
have an actual IP address in one of the settings.



More information about the Snort-users mailing list