Snort uses a flexible rules language to describe traffic that it should collect or pass, as well as a detection engine that uses a modular plug-in architecture.
Snort has a real-time alerting capability as well, incorporating alerting mechanisms for syslog, a user-specified file, a UNIX socket, or WinPopup messages to Windows clients using Samba's smbclient. Snort has three primary uses. It can be used as a straight packet sniffer like tcpdump, a packet logger (useful for network traffic debugging and so on), or as a full-blown network intrusion prevention system. [Source: Snort Web site & Webopedia Web site]
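As an added example (not code from the original post or from the Snort project), the shell snippet below writes a minimal local rules file for the rules language just described, runs a cheap structural check on a rule before Snort parses it, and lists in comments the Snort 2.x command lines that select the three modes above. The directory name, the interface index, the rule itself and the `$HOME_NET` variable are assumptions made for this example; they need to match your own snort.conf.

```shell
#!/bin/sh
# Added example, not code from the original post or from the Snort project.
# Assumes a Snort 2.x install; SNORT_DIR is a constructed path for this demo.
SNORT_DIR="${SNORT_DIR:-./snort-example}"

# Write one benign rule: alert on any ICMP packet headed for the monitored network.
# $HOME_NET is the variable snort.conf normally defines for that network (assumed).
# Local rules use sid values of 1000000 and above so they never collide with vendor rule IDs.
write_local_rules() {
    mkdir -p "$SNORT_DIR/rules" "$SNORT_DIR/log"
    cat > "$SNORT_DIR/rules/local.rules" <<'EOF'
# local.rules - constructed sample for this example
alert icmp any any -> $HOME_NET any (msg:"LOCAL ICMP seen"; sid:1000001; rev:1; classtype:misc-activity;)
EOF
    printf '%s\n' "$SNORT_DIR/rules/local.rules"
}

# Cheap structural check on a single rule before Snort parses it:
# action, protocol, src, src port, direction, dst, dst port, then an option
# list in parentheses that carries at least msg and sid. Returns 0 when the
# shape is right, 1 otherwise (Snort itself is the real validator: snort -T).
rule_ok() {
    printf '%s\n' "$1" | grep -Eq \
      '^(alert|log|pass|drop|reject|sdrop) +[a-z]+ +[^ ]+ +[^ ]+ +(->|<>) +[^ ]+ +[^ ]+ +\(.*msg:"[^"]+";.*sid:[0-9]+;.*\)$'
}

# Number of active (non-comment, non-blank) rules in a rules file.
count_rules() {
    grep -Ecv '^[[:space:]]*(#|$)' "$1"
}

# The three modes the text describes, as Snort 2.x command lines (shown, not run here).
# On Windows, "snort -W" lists interfaces and -i takes the index from that list.
#   Sniffer (tcpdump-like):  snort -v -d -i 1
#   Packet logger:           snort -v -d -i 1 -l "$SNORT_DIR/log"
#   NIDS with local.rules:   snort -c "$SNORT_DIR/snort.conf" -i 1 -A console -l "$SNORT_DIR/log"
# Check that the configuration parses before going live:
#   snort -T -c "$SNORT_DIR/snort.conf"

rules_file=$(write_local_rules)
echo "wrote $rules_file with $(count_rules "$rules_file") active rule(s)"
```

For the NIDS mode to pick the rule up, snort.conf has to define `HOME_NET` and include the file (an `include $RULE_PATH/local.rules` line); the `-T` run reports any rule Snort cannot parse before you start sniffing.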
Because Snort is open source, each user has to tweak the Snort program for their own use. Below is an easy-to-follow PowerPoint presentation to make your experience smoother.
My experience took me about a whole school day to complete and another day to document the process and create the above PowerPoint presentation. Each step was an adventure in itself, with a few pitfalls to challenge my patience. However, the bigger the challenge, the more committed I become to overcoming it.
The assignment was to find Snort and follow the instructions to prepare, install and configure Snort for your computer. Warning: Snort can run on both Linux and Windows, so make sure you are following the correct instructions.
I began with the search engine Google and searched for Snort, which led me to www.snort.org.
1st pitfall: clicking on Download Snort and figuring out the next steps. I tried to run the installer, but it did not work. I did some research and found out I needed to add an .exe extension to install it, because right now it was saved as a Linux installer. However, I was cautioned to go back to the Snort website to look at the requirements before I installed Snort; I would need to prepare my computer. So back to Snort I went.
At the Snort website, I looked at the requirements for the first time and thought to myself: take the time to read the instructions... I clicked on the Requirements icon and found a note for Windows users: if you're downloading Snort binaries, the only requirements are WinPcap and Barnyard. I clicked on WinPcap, downloaded and installed it. Easy, no problem....
2nd pitfall: installing Barnyard. I scrolled down, saw Barnyard2 and tried downloading and installing it, but it would not work. Oops, what's next? Once again, I decided to search Google for Barnyard for Windows, looked through a few links and decided on the following site.
http://napalmpiri.info/2009/06/10/windows-snort-and-barnyard/
It stated, "When installing Snort on Windows [...], the requirements include Winpcap and Barnyard. Unfortunately Barnyard for Windows is not that easy to find: as you can read here, you can find a packaged Barnyard for Windows at http://codecraftconsultants.com/Barnyard/, including source." And, "It may be useful, although not ready for production deployment."
I double-clicked on it and found the following link: Barnyard_02_Build19_Installer.exe. I downloaded it, renamed it with an .exe extension and installed it. Yes, Barnyard done.
3rd pitfall: I went back to the Snort website. The next step was to download the rules; I did that, however, it did not work. So I went back to Google, searched for rules for installing Snort on a Windows platform and clicked on the link to the PDF file on installing Snort 2.8.6.1 on Windows 7.
http://www.snort.org/assets/151/Installing_Snort_2.8.6.1_on_Windows_7.pdf
I hope my experience helps you to avoid some of the pitfalls in setting up Snort. Please feel free to add any comments or suggestions below.