[Snort-users] Problems with Snort Installation on Windows 7

ƒabricio - ttfabricio at ...125...
Wed Nov 13 05:03:48 EST 2013


Hello, I'm looking for some tutorials on how to install and use Snort on Windows 7 or 8 (I have both). I found some guides on winsnort.com, but they don't work on my Windows 7 (Home Basic; it needs the Professional), but I have Windows 8 Professional and the same thing... Well, let's continue.

I was using this tutorial: http://www.snort.org/assets/151/Installing_Snort_2.8.6.1_on_Windows_7.pdf and at some points some things didn't work.

First: "After a couple of seconds you will see “Not Using PCAP_FRAMES”. Snort is now running and will alert you if a Rule is triggered. If a Rule is triggered the command prompt window will rapidly scroll text."
In my Snort I don't see that message "Not Using PCAP_FRAMES".

Second:
"Using Notepad++, create a file on your Desktop called Snortstart.bat and place the following line of code in it:
c:\snort\bin\snort -iX -s -l c:\snort\log\ -c c:\snort\etc\snort.conf
(replace X with your Device Interface number)
Also create a shortcut on your Desktop for the Kiwi Syslog Server Console
Open the Kiwi Syslog Server Console (if it isn't already)
Now right-click and run Snortstart.bat as an Administrator. Wait (about thirty seconds) until you see the familiar line “Not Using PCAP_FRAMES” at the end.
Finally, open another command prompt window and run: ping google.com"
Ok, I created the .bat file and ran it as administrator. Again the message "Not Using PCAP_FRAMES" doesn't appear. Snort loads the rules, etc, etc, etc... and stops at this point: Commencing Packet Processing. I waited about an hour and nothing, still the same thing. In Kiwi Syslog, no alerts appear. Only if I press CTRL+T (to send a test message to localhost).
I used this command line:
snort -i 3 -c c:\snort\etc\snort.conf -A console
Then Snort runs and can capture TCP, UDP and ICMP packets. But still 0 alerts in Kiwi Syslog.
I stopped the installation after this. I re-installed all the programs and started from the beginning, but got the same errors.
I really need help with the installation and with how to use Snort as an IDS, for my final project for my graduation.
Thanks and sorry for my bad English.

 		 	   		  