[Snort-users] Problems with Snort Installation on Windows 7
ttfabricio at ...125...
Wed Nov 13 05:03:48 EST 2013
Hello, I'm looking for some tutorials on how to install and use Snort on Windows 7 or 8 (I have both). I found some guides on winsnort.com, but they don't work on my Windows 7 (Home Basic, it needs the Professional), but I have Windows 8 Professional and the same thing... Well, let's continue.
I was using this tutorial: http://www.snort.org/assets/151/Installing_Snort_184.108.40.206_on_Windows_7.pdf and at some points some things didn't work.
First: "After a couple of seconds you will see “Not Using PCAP_FRAMES”. Snort is now running and will alert you if a Rule is triggered. If a Rule is triggered the command prompt window will rapidly scroll text."
In my Snort I don't see that message "Not Using PCAP_FRAMES".
"Using Notepad++, create a file on your Desktop called Snortstart.bat and place the following line of code in it:
c:\snort\bin\snort -iX -s -l c:\snort\log\ -c c:\snort\etc\snort.conf
(replace X with your Device Interface number)
Also create a shortcut on your Desktop for the Kiwi Syslog Server Console
Open the Kiwi Syslog Server Console (if it isn't already)
Now right-click and run Snortstart.bat as an Administrator. Wait (about thirty seconds) until you see the familiar line “Not Using PCAP_FRAMES” at the end.
Finally, open another command prompt window and run: ping google.com"
Ok, I created the .bat file and ran it as administrator. Again the message "Not Using PCAP_FRAMES" doesn't appear. Snort loads the rules, etc, etc, etc... and stops at this point: Commencing Packet Processing. I waited about an hour and nothing, still the same thing. In Kiwi Syslog, no alerts appear. Only if I press CTRL+T (to send a test message to localhost).
I used this command line:
snort -i 3 -c c:\snort\etc\snort.conf -A console
Then Snort runs and can capture TCP, UDP and ICMP packets. But still 0 alerts on Kiwi Syslog.
I stopped the installation after this. I re-installed all the programs and started from the beginning, but the same errors.
I really need help on the installation and how to use Snort as IDS, for my final project on my graduation.
Thanks and sorry for my bad English.