Snort

1. Download Snort.
2. Register on the Snort website to download the Snort rules (https://snort.org/users/sign_up).

3. Download
snortrules-snapshot-2973.tar.gz


4. Extract the folder and rename it to snortrules.
5. Copy snort.conf from snortrules/etc/ to c:/snort/etc, overwriting the existing etc/snort.conf.
6. Copy the rules, so_rules and preproc_rules folders to c:/snort.
7. Open cmd in admin mode and navigate to c:/snort/bin.
8. Type snort and press Enter.
9. Press Ctrl+C. Snort exits and returns to c:/snort/bin.
10. Type snort -W
      This will show the machine's physical address, IP address, and Ethernet drivers, but all are disabled by default.
 
11. Find your Ethernet index number using step 12 (the command is getmac /v).


13. In the picture above, the Ethernet physical address is E0-DB..... Comparing 13 and 14, we get the index number for Ethernet, which is 8.
14. To enable the Ethernet driver, type snort -dev -i 8
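
Steps 10 to 14 match the physical address from getmac /v against the snort -W listing by eye. The Python below is an added example, not part of the original post, that does the same match over constructed sample output. The column layouts, addresses, adapter names and function names are assumptions.

```python
import re

MAC = r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}"

# Constructed `snort -W` rows (layout assumed, addresses made up).
SNORT_W = r"""
Index   Physical Address        IP Address      Device Name     Description
-----   ----------------        ----------      -----------     -----------
    1   02:00:00:00:00:01       disabled        \Device\NPF_{SAMPLE-1}  Sample virtual adapter
    8   02:00:00:00:00:08       disabled        \Device\NPF_{SAMPLE-8}  Sample Ethernet controller
"""

# Constructed `getmac /v` output, built with fixed-width columns (layout assumed).
_ROW = "{:<21} {:<15} {:<19} {}"
GETMAC_V = "\n".join(_ROW.format(*r) for r in [
    ("Connection Name", "Network Adapter", "Physical Address", "Transport Name"),
    ("=" * 21, "=" * 15, "=" * 19, "=" * 24),
    ("Local Area Connection", "Sample virtual", "02-00-00-00-00-01", r"\Device\Tcpip_{SAMPLE-1}"),
    ("Ethernet", "Sample Ethernet", "02-00-00-00-00-08", r"\Device\Tcpip_{SAMPLE-8}"),
])

def norm(mac):
    """getmac prints AA-BB-..., snort -W is assumed to print AA:BB:...; compare one form."""
    return mac.replace("-", ":").upper()

def snort_interfaces(text):
    """Return {normalized MAC: [snort index, ...]} from `snort -W` output."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(" + MAC + r")\s", line)
        if m:
            table.setdefault(norm(m.group(2)), []).append(int(m.group(1)))
    return table

def getmac_adapters(text):
    """Return {connection name: normalized MAC}, slicing columns by the ==== ruler."""
    lines = text.splitlines()
    ruler = next(i for i, l in enumerate(lines) if l.startswith("="))
    cols = [m.span() for m in re.finditer(r"=+", lines[ruler])]
    rows = ((l[slice(*cols[0])].strip(), l[slice(*cols[2])].strip()) for l in lines[ruler + 1:])
    return {name: norm(mac) for name, mac in rows if re.fullmatch(MAC, mac)}

def snort_index_for(connection, snort_w, getmac_v):
    """Index to pass to `snort -i`; refuses to guess on a missing or duplicate MAC."""
    mac = getmac_adapters(getmac_v)[connection]
    hits = snort_interfaces(snort_w).get(mac, [])
    if len(hits) != 1:
        raise LookupError(f"{mac} matches snort interfaces {hits}; pick the index by hand")
    return hits[0]

if __name__ == "__main__":
    print("snort -dev -i", snort_index_for("Ethernet", SNORT_W, GETMAC_V))
```

To use it on a real machine, paste the text printed by snort -W and getmac /v in place of the two sample strings.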
