• Snort is an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS).
• Snort can be used to block malware and other intrusions on your computer.
• Snort, although initially programmed for Linux and other Command Line Interface (CLI) systems, can be configured to run on Windows.
• Before configuring Snort to run on Windows, your system is required to have WinPcap and Barnyard installed.
• Before you can install Snort, your system is required to have WinPcap 4.1.1 or newer.
• Open up your web browser and go to your preferred search engine.
• Once there, search for WinPcap and download the latest version.
• In this case the latest version is 4.1.3.
• After the download, run the installer and go through the program setup like you normally would.
• Other than WinPcap, the only other system requirement for installing Snort is Barnyard.
• So, again, open up your browser and go to your preferred search engine.
• Once there, search for a Barnyard download for Windows. This may be a little difficult to find, so make sure you include which OS you are using in the search.
• Once you find it, download it and run the installer.
• Once the installer is running, go through the program setup like you normally would.
• First we need to find the program that we need to install.
• So we open our web browser and go to any search engine.
• Search for Snort and open the result link to the program website.
• Once on the site, go to the download section of the site.
• There are multiple sections with download links.
• The one we are going to download from is the Binaries section.
• Under the Binaries list there are multiple download links.
• We are looking for the installer with the right file type to run on our OS.
• We are using Windows, so we are going to use the executable (.exe) file.
• Download the file and run through the setup process.
• If you are using Internet Explorer, you may have to save the file and rename it as an .exe file.
• Now to download your Snort rules and get the program configuration started.
• On the Snort site, click the "get rules" button and it will take you to the rules download page.
• Here you are going to download the rules file that either matches or is closest to the version of Snort that you have downloaded.
• Once downloaded, extract the files to your Snort folder.
• Now we need to consult the documentation to configure Snort, which you can find on the Snort site, or if you prefer, through just about any search engine.
• Once you open your Snort documentation, read through it and follow the instructions in order to configure your Snort program.
• The documentation is telling you to open the .conf file and edit certain lines in it.
• To do this, find the file in the etc folder inside your Snort folder.
• Right-click the file and open it with WordPad.
• In the .conf file you are going to search for the lines that you are instructed to change.
• Once you find them, make the necessary changes.
• Be sure to double-check your changes before you save and close the file.
• In Fig. 1 you are being asked to run commands in your Command Prompt, so open up your Command Prompt by opening your Start menu and searching "cmd".
• Run the first command that it asks you to, and your screen should look like Fig. 2; from this output you are going to find your interface number.
• Fig. 1 then asks you to run a second command in which "X" is to be replaced with your interface number; if done correctly, you should get a long stream of data like in Fig. 3.
[Fig. 1] [Fig. 2] [Fig. 3]
• You are now asked to open a new Command Prompt window and run the command "ping google.com".
• If it is done correctly, you should end up with two Command Prompt windows that look like the two above.
• The documentation now instructs you to close the previous two Command Prompt windows and open a new one.
• Run the new command in your new Command Prompt window, and if no errors occur your window should look like the second figure.
• If an error does occur, you will then need to open your .conf file in WordPad again and make corrections to the appropriate lines, until running the command gives you a screen similar to the one displayed in the second figure.
• You can identify the necessary line by looking for the number within the <> in the error message.
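As an added helper for the two checks above (picking the interface number from the interface listing, and locating the .conf line that a configuration-test error points at), the script below is example code written for this walkthrough, not part of Snort or the original slides. It assumes the interface listing comes from `snort -W`, that the sniff and config-test commands are `snort -i X -v` and `snort -i X -c snort.conf -T`, and that the error message carries the line number inside `<>` (a `snort.conf(N)` form is accepted as a fallback); the listing, error text and config excerpt are constructed samples.

```python
import re

# Constructed sample of what `snort -W` prints on Windows (exact column
# layout is an assumption; each interface is one row starting with its index).
SNORT_W_OUTPUT = """\
Index  Physical Address   IP Address  Device Name              Description
-----  ----------------   ----------  -----------              -----------
    1  00:00:00:00:00:00  disabled    \\Device\\NPF_{LOOPBACK}  Microsoft KM-TEST Loopback Adapter
    2  00:11:22:33:44:55  10.0.0.5    \\Device\\NPF_{ETHERNET}  Realtek PCIe GbE Family Controller
"""

# Constructed config-test error; the slides say the .conf line number is in <>.
SAMPLE_ERROR = "ERROR: <6> Can't find rule file: C:\\Snort\\rules\\local.rules"

# Constructed six-line excerpt of a snort.conf (paths are placeholders).
SAMPLE_CONF = """\
ipvar HOME_NET any
ipvar EXTERNAL_NET any
var RULE_PATH c:\\Snort\\rules
var SO_RULE_PATH c:\\Snort\\so_rules
var PREPROC_RULE_PATH c:\\Snort\\preproc_rules
include $RULE_PATH/local.rules
"""

def interface_index(listing, keyword):
    """Return the index of the one interface row mentioning keyword (case-insensitive)."""
    hits = []
    for line in listing.splitlines():
        m = re.match(r"\s*(\d+)\s+", line)       # only rows that begin with an index
        if m and keyword.lower() in line.lower():
            hits.append(int(m.group(1)))
    if len(hits) != 1:
        raise ValueError(f"{len(hits)} interfaces match {keyword!r}; use a more specific keyword")
    return hits[0]

def error_line_number(message):
    """Pull the .conf line number out of a Snort config-test error, or None if absent."""
    m = re.search(r"<(\d+)>", message) or re.search(r"\.conf\((\d+)\)", message)
    return int(m.group(1)) if m else None

def offending_line(conf_text, lineno):
    """Return the 1-based .conf line the error points at, or None if out of range."""
    lines = conf_text.splitlines()
    if lineno is None or not 1 <= lineno <= len(lines):
        return None
    return lines[lineno - 1]

def snort_commands(index, conf_path="C:\\Snort\\etc\\snort.conf"):
    """The three commands from the walkthrough with X filled in (assumed flags)."""
    return ["snort -W", f"snort -i {index} -v", f"snort -i {index} -c {conf_path} -T"]
```

Feed the real `snort -W` output and the real error text into these functions to get the interface number and the exact line to edit in WordPad.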