[Snort-users] snort in win32

Justin Heath justin.heath at ...11827...
Wed Feb 23 19:58:42 EST 2005


Don't need to reboot.

Didn't see a test in yours, but what the hell.

# time tcpdump -i eth0 -vn -c 1
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
21:43:00.407714 IP (tos 0x10, ttl  64, id 62247, offset 0, flags [DF],
length: 76) X.X.X.X > X.X.X.X: [udp sum ok] NTPv4 client, strat 0,
poll 6, prec -20 dist 0.000000, disp 16.283264, ref
(unspec)@0.000000000 orig 0.000000000 rec 0.000000000 xmt
3318205380.407647013
1 packets captured
1 packets received by filter
0 packets dropped by kernel

real    0m0.331s
user    0m0.000s
sys     0m0.003s



On Wed, 23 Feb 2005 18:17:56 -0800, Michael Steele
<michaels at ...9077...> wrote:
> Yah, but you never included a reboot and test ;)
> 
> Kindest regards,
> Michael...
> 
> WINSNORT.com Management Team Member
> --
> Pick up your FREE Windows or UNIX Snort installation guides
> mailto:support at ...9077...
> Website: http://www.winsnort.com
> Snort: Open Source Network IDS - http://www.snort.org
> 
> > -----Original Message-----
> > From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Justin Heath
> > Sent: Wednesday, February 23, 2005 6:03 PM
> > To: spamtrap at ...9077...
> > Cc: snort-users at lists.sourceforge.net
> > Subject: Re: [Snort-users] snort in win32
> >
> > Hmmm ...
> >
> > # time emerge libpcap
> >
> > real    0m50.320s
> > user    0m30.705s
> > sys     0m11.134s
> >
> >
> > On Tue, 22 Feb 2005 20:10:52 -0800, Michael Steele
> > <michaels at ...9077...> wrote:
> > > Ok, I just did a new install of WinPcap and Snort (on XP), no configuration
> > > = 1 minute and 50 seconds (which included a reboot and testing the
> > > connection - 'snort -v -i1').
> > >
> > > Kindest regards,
> > > Michael...
> > >
> > > > -----Original Message-----
> > > > From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Willy, Andrew
> > > > Sent: Tuesday, February 22, 2005 6:55 AM
> > > > To: snort-users at lists.sourceforge.net
> > > > Subject: RE: [Snort-users] snort in win32
> > > >
> > > > I think you're exaggerating how easy it is to get winpcap installed on
> > > > Windows.  My installation required a reboot, too.
> > > >
> > > > Regards,
> > > >
> > > > Andrew
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Michael Steele [mailto:michaels at ...9077...]
> > > > Sent: Tuesday, February 22, 2005 12:51 AM
> > > > To: snort-users at lists.sourceforge.net
> > > > Subject: RE: [Snort-users] snort in win32
> > > >
> > > >
> > > > You need to do Windows, say 10 times and I will guarantee you it's easier on
> > > > Windows. I've done them all and Windows is by far easier for those that are
> > > > experienced in both, well, unless the installer is brain dead in one or the
> > > > other.
> > > >
> > > > You say:
> > > > 'apt-get install snort'
> > > >
> > > > Windows (you don't even know how to type, but then again you need to know
> > > > how to use a mouse) ;)
> > > > double left-click 'winpcap.exe'
> > > > double left-click 'snort.exe'
> > > >
> > > > Kindest regards,
> > > > Michael...
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of James Riden
> > > > > Sent: Monday, February 21, 2005 6:47 PM
> > > > > To: snort-users at lists.sourceforge.net
> > > > > Subject: Re: [Snort-users] snort in win32
> > > > >
> > > > > "Michael Steele" <michaels at ...9077...> writes:
> > > > >
> > > > > >    If you can't even get Snort to work using Windows, how in the hell are
> > > > > >    you EVER going to get LINUX to work?
> > > > >
> > > > > 'apt-get install snort' ?
> > > > >
> > > > > Just to point out the obvious: if you're used to Linux, Linux is
> > > > > easier and if you're used to Windows, Windows is easier. I'm onto my
> > > > > 8th or so installation on UNIX and haven't done any Windows ones yet,
> > > > > so I'd find it harder to get a Win32 version going than a Linux one.
> > > > >
> > > > > --
> > > > > James Riden / j.riden at ...11179... / Systems Security Engineer
> > > > > Information Technology Services, Massey University, NZ.
> > > > > GPG public key available at: http://www.massey.ac.nz/~jriden/
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > -------------------------------------------------------
> > > > > SF email is sponsored by - The IT Product Guide
> > > > > Read honest & candid reviews on hundreds of IT Products from real users.
> > > > > Discover which products truly live up to the hype. Start reading now.
> > > > > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> > > > > _______________________________________________
> > > > > Snort-users mailing list
> > > > > Snort-users at lists.sourceforge.net
> > > > > Go to this URL to change user options or unsubscribe:
> > > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > > Snort-users list archive:
> > > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users