Installing & Configuring Snort 2.9.17 on Windows 10

Introduction To Snort:

Installing Snort 2.9.17 on Windows 10 A Step By Step Guide:

Figure 01: License agreement for Snort 2.9.17
Figure 02: Choosing Components for Snort 2.9.17
Figure 03: Choose Install location for Snort 2.9.17
Figure 04: Setup Complete for Snort 2.9.17
Figure 05: Window showing details of software needed to run Snort successfully
Figure 06: License agreement for Npcap 1.10
Figure 07: Choose Components to install for Npcap 1.10
Figure 08: Setup completed for Npcap 1.10
Figure 09: Successful installation for Npcap 1.10 completed
Figure 10: Successfully running Snort on Windows 10 through command prompt

Configuring Snort 2.9.17 on Windows 10:

ipvar HOME_NET any
Figure 11: Setting up the Home Network Address in Snort
# Set up the external network addresses. Leave as “any” in most situations
ipvar EXTERNAL_NET any
Figure 12: Setting up the external Network Addresses in Snort
# Path to your rules files (this can be a relative path)
# Note for Windows users: You are advised to make this an absolute path,
# such as: c:\snort\rules
var RULE_PATH ../rules
var SO_RULE_PATH ../so_rules
var PREPROC_RULE_PATH ../preproc_rules
Figure 13: Setting up path to our rules files and preproc rules folder in Snort
# If you are using reputation preprocessor set these
var WHITE_LIST_PATH ../rules
var BLACK_LIST_PATH ../rules
Figure 14: Setting up our White List and Black List files paths in Snort
# Configure default log directory for snort to log to. For more information see snort -h command line options (-l)
#
# config logdir:
Figure 15: Setting up Log Directory Path in Snort
# path to dynamic preprocessor libraries
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
Figure 16: Setting up path to dynamic preprocessors and dynamic engine in Snort
# path to base preprocessor engine
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
Figure 17: Setting up the path to dynamic preprocessor engine in Snort
# path to dynamic rules libraries
# dynamicdetection directory /usr/local/lib/snort_dynamicrules
Figure 18: Path to dynamic rules libraries in Snort
Figure 19: Commenting out packet normalization commands in Snort
# Reputation preprocessor. For more information see README.reputation
preprocessor reputation: \
   memcap 500, \
   priority whitelist, \
   nested_ip inner, \
   whitelist $WHITE_LIST_PATH/whitelist, \
   blacklist $BLACK_LIST_PATH\black.list
Figure 20: Whitelisting and Blacklisting IPs through the command as shown in figure
Figure 21: Converted back slashes to forward slashes in specific lines in snort.conf file
Figure 22: Converted back slashes to forward slashes in specific lines in snort.conf file
# decoder and preprocessor event rules
# include $PREPROC_RULE_PATH/preprocessor.rules
# include $PREPROC_RULE_PATH/decoder.rules
# include $PREPROC_RULE_PATH/sensitive-data.rules
Figure 23: Converted back slashes to forward slashes in specific lines and uncommenting specific lines in snort.conf file
Figure 24: Verifying presence of “include threshold.conf” command in snort.conf file
Figure 25: Creating White List IPs file
Figure 26: Creating Black List IPs file in Snort
Figure 27: Test Running of Snort in Windows 10 after Configuration
snort -W
snort -i 1 -c C:\Snort\etc\snort.conf -T
Figure 28 : Checking Validation of Snort Configuration in Command Prompt
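
Before running the `-T` validation above, a quick pre-check can flag lines of snort.conf that still carry the stock Unix defaults quoted in this guide. This is an added example, not part of the original guide or of Snort itself; `lint_snort_conf`, `logical_lines` and `SAMPLE_CONF` are hypothetical names, the sample text is constructed, and the three checks are illustrative heuristics rather than Snort's own validation.

```python
import re

# Constructed sample: stock lines quoted in this guide, one already made absolute.
SAMPLE_CONF = r"""
ipvar HOME_NET any
var RULE_PATH ../rules
var SO_RULE_PATH ../so_rules
var PREPROC_RULE_PATH c:\snort\preproc_rules
# dynamicdetection directory /usr/local/lib/snort_dynamicrules
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
preprocessor reputation: \
   memcap 500, \
   whitelist $WHITE_LIST_PATH/whitelist
"""

def logical_lines(text):
    """Yield (first_line_no, joined_text), folding backslash continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, (buf + line).strip()
        buf, start = "", None
    if buf:
        yield start, buf.strip()

def lint_snort_conf(text):
    """Return [(line_no, message)] for active lines that still look Unix-specific."""
    findings, defined = [], set()
    for no, line in logical_lines(text):
        if not line or line.startswith("#"):
            continue  # blank or commented-out directive
        m = re.match(r"(?:var|ipvar|portvar)\s+(\S+)\s+(.+)", line)
        if m:
            defined.add(m.group(1))
            if m.group(1).endswith("_PATH") and m.group(2).startswith(".."):
                findings.append((no, f"{m.group(1)} is relative; use an absolute path"))
        if "/usr/local/" in line:
            findings.append((no, "Unix library path left in an active directive"))
        for ref in re.findall(r"\$(\w+)", line):
            if ref not in defined:
                findings.append((no, f"${ref} used but never defined"))
    return findings
```

Calling `lint_snort_conf(open(r"C:\Snort\etc\snort.conf").read())` returns an empty list once every flagged line has been adjusted.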

I am a student of MS-IS (Information Security). I like to read books on life and I like writing technical documents.