Snort mailing list archives

Re: Snort 2.1.x support on Win32


From: Rich Adamson <radamson () routers com>
Date: Mon, 21 Jun 2004 09:19:22 -0600

I might add that WinPcap v2.1 works fine with latest Win32 as well, but
any threshold rule that uses "seconds" or "count" will fail due to what
appears to be a bug interpreting the integer values that follow those
keywords.

------------------------
FYI - for some of you having issues with the newer versions of Snort on Win2k/XP...
 
1) Make sure you have installed WinPcap v3.0
 
2) If you updated Snort i.e. 2.1.2 or 2.1.3 from earlier versions, you need
to use the new snort.conf file and remodify it. There are changes in the
file - such as http_decode is now http_inspect:
 
preprocessor http_inspect: global \
    iis_unicode_map unicode.map 1252
 
preprocessor http_inspect_server: server default \
    profile all ports { 80 8080 8180 } oversize_dir_length 500
... the snort test will balk at the "global" if you don't reconfigure for
this; also make sure you have the unicode.map file in the path. (Best
approach I have found is to turn off http_decode in IDSCenter and edit/add
the appropriate http_inspect parameters). Refer to the new Snort
documentation.
 
 
3) IDSCenterRC4 DOES run with Snort 2.1.3... IF you don't reload your old -
pre2.1.x config. (see above)
 
Hope this helps.
 
Brian Koski
Principal I.T.  Analyst
City of Citrus Heights
Work: 916-727-4735
 
---------------End of Original Message-----------------
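
Added example (not part of either message, and not Snort or IDSCenter code): a small pre-flight check for the http_decode to http_inspect change described in point 2, run over snort.conf text before starting the sensor. The function names, the constructed old-style line, and resolving a relative unicode.map path against conf_dir are assumptions made for the example.

```python
import os
import re

# The http_inspect lines quoted in the post above.
NEW_CONF = r"""
preprocessor http_inspect: global \
    iis_unicode_map unicode.map 1252

preprocessor http_inspect_server: server default \
    profile all ports { 80 8080 8180 } oversize_dir_length 500
"""
# Constructed sample of a pre-2.1.x config that still loads http_decode.
OLD_CONF = "preprocessor http_decode: 80 unicode iis_alt_unicode\n"


def logical_lines(text):
    """Join backslash-continued lines; skip blank lines and # comments."""
    joined = re.sub(r"\\[ \t]*\r?\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line


def check_http_inspect(conf_text, conf_dir="."):
    """Return a list of migration problems found in snort.conf text."""
    problems, has_global, has_server = [], False, False
    for line in logical_lines(conf_text):
        m = re.match(r"preprocessor\s+(\w+)\s*:?\s*(.*)", line)
        if not m:
            continue
        name, args = m.groups()
        if name == "http_decode":
            problems.append("http_decode still configured; use http_inspect")
        elif name == "http_inspect_server":
            has_server = True
        elif name == "http_inspect":
            has_global = True
            if args.split()[:1] != ["global"]:
                problems.append("http_inspect line is missing 'global'")
            um = re.search(r"iis_unicode_map\s+(\S+)\s+(\d+)", args)
            if not um:
                problems.append("no iis_unicode_map <file> <codepage> given")
            elif not os.path.isfile(os.path.join(conf_dir, um.group(1))):
                problems.append("unicode map file not found: " + um.group(1))
    if has_server and not has_global:
        problems.append("http_inspect_server without an http_inspect global line")
    return problems
```

An empty list means the config matches the shape of the lines in the post and the map file is present; each string otherwise names one thing to fix before reloading the config.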



