1. Download Snort
2. Register on the Snort website to download the Snort rules


4. Extract the folder and rename it to snortrules
5. Copy etc/snort.conf from snortrules/etc/ to c:/snort/etc, overwriting the existing file
6. Copy the rules, so_rules and preproc_rules folders to c:/snort
7. Open cmd in admin mode and navigate to c:/snort/bin
8. Type snort and press Enter
9. Press Ctrl+C. Snort exits and returns to c:/snort/bin
10. Type snort -W
      This will show the machine's physical address, IP address, and Ethernet drivers, but all are disabled by default
11. Find your Ethernet index number using step 12 (the command is getmac /v)

13. In the picture above, the Ethernet physical address is E0-DB..... Comparing 13 and 14, we get that the index number for Ethernet is 8
14. To enable the Ethernet driver, type snort -dev -i 8
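
Steps 10 to 14 done in PowerShell, as an added example that is not part of the original post: it matches the adapter's physical address from getmac /v against the snort -W listing and returns the index to pass to -i. The function name, the sample data, the assumed snort -W row layout and the English getmac column names are assumptions.

```powershell
# Added example (not from the original post). Assumes snort -W rows look like
#   <index> <AA:BB:CC:DD:EE:FF> <IP or "disabled"> <device> <description>
# and that getmac /v /fo csv uses its English column names.
function Get-SnortInterfaceIndex {
    param(
        [string[]]$SnortLines,     # output lines of: snort -W
        [string[]]$GetmacCsv,      # output of: getmac /v /fo csv
        [string]$ConnectionName    # connection to sniff on, e.g. "Ethernet"
    )
    $adapter = $GetmacCsv | ConvertFrom-Csv |
        Where-Object { $_.'Connection Name' -eq $ConnectionName } |
        Select-Object -First 1
    if (-not $adapter) { throw "No connection named '$ConnectionName' in getmac output" }

    # getmac separates bytes with hyphens; snort -W is assumed to use colons.
    # Strip both separators and compare the bare hex digits.
    $mac = ($adapter.'Physical Address' -replace '[-:]', '').ToUpper()
    foreach ($line in $SnortLines) {
        if ($line -match '^\s*(\d+)\s+((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\s') {
            if (($Matches[2] -replace '[-:]', '').ToUpper() -eq $mac) { return [int]$Matches[1] }
        }
    }
    throw "Physical address $($adapter.'Physical Address') not listed by snort -W"
}

# Constructed sample output; on a real machine capture the output of
# snort -W (run from c:/snort/bin) and getmac /v /fo csv instead.
$snort = @(
    'Index   Physical Address        IP Address      Device Name     Description',
    '-----   ----------------        ----------      -----------     -----------',
    '    1   00:00:00:00:00:00       disabled        \Device\NPF_{AAAA}   Constructed WAN Miniport',
    '    2   02:00:5E:10:00:08       disabled        \Device\NPF_{BBBB}   Constructed Ethernet Adapter'
)
$getmac = @'
"Connection Name","Network Adapter","Physical Address","Transport Name"
"Ethernet","Constructed Ethernet Adapter","02-00-5E-10-00-08","\Device\Tcpip_{BBBB}"
"Wi-Fi","Constructed Wireless Adapter","02-00-5E-10-00-09","Media disconnected"
'@

$index = Get-SnortInterfaceIndex -SnortLines $snort -GetmacCsv $getmac -ConnectionName 'Ethernet'
"snort -dev -i $index"    # the command from step 14 with the matched index
```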

