Thread: Installing a GUI for Snort

  1. #1
    Join Date
    2013-Aug
    Location
    England
    Posts
    27

    Installing a GUI for Snort

    Hi all!

    This is my first post on this forum! I've been using Kali for a few weeks now and love it! I've been playing with snort and read an article online about different GUIs for snort. Sounds interesting. So I tried to install a few different ones but I had no joy with it. (I tried Snorby and Base). My question is, has anyone else been able to get a GUI for snort going on Kali? If so, what are your thoughts on the GUI compared to using the command line, and did you use an online tutorial on how to install a GUI?

    Thanks in advance guys!
    Really hope I've got this in the right part of the forum!

    Sark.

  2. #2
    Join Date
    2013-Jun
    Location
    Utah
    Posts
    22
    First you need to go to this website and download the source code: http://www.snort.org/snort-downloads. Then open the terminal and enter these commands:

    cd /usr/src

    wget -O snort-2.8.6.1.tar.gz http://www.snort.org/downloads/116

    tar xvzf snort-2.8.6.1.tar.gz

    You need the dev packages of libpcap and libpcre as well:
    # apt-cache policy libpcap0.8-dev
    libpcap0.8-dev:
    Installed: 1.0.0-2ubuntu1
    Candidate: 1.0.0-2ubuntu1

    # apt-cache policy libpcre3-dev
    libpcre3-dev:
    Installed: 7.8-3
    Candidate: 7.8-3

    Then enter in terminal
    # cd snort-2.8.6.1

    # ./configure

    # make

    # make install

    Create the directories

    # mkdir /etc/snort

    # mkdir /etc/snort/rules

    # mkdir /var/log/snort


    And finally create snort.conf and icmp.rules files:
    # cat /etc/snort/snort.conf
    include /etc/snort/rules/icmp.rules

    # cat /etc/snort/rules/icmp.rules
    alert icmp any any -> any any (msg:"ICMP Packet"; sid:477; rev:3;)


    That should work!
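    A rules file with a typo (an option block that is never closed, or a rule with no sid) stops Snort from starting, so it is worth checking the file before pointing Snort at it. The following Python parser for Snort 2 rule lines is an added example, not code from the thread or from the Snort project; it runs on two constructed samples, one with the closing ";)" missing and the same rule written correctly.

```python
import re

# Constructed samples: a rule whose option block was never closed (the
# closing ";)" is missing) and the same rule written correctly.
BROKEN_RULE = 'alert icmp any any -> any any (msg:"ICMP Packet"; sid:477; rev:3'
FIXED_RULE = 'alert icmp any any -> any any (msg:"ICMP Packet"; sid:477; rev:3;)'

# Snort 2 rule header: action proto src sport dir dst dport (options)
HEADER_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop|reject|sdrop)\s+"
    r"(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$"
)
# Split the option list on ';' only when the ';' is outside double quotes.
OPT_SPLIT_RE = re.compile(r';(?=(?:[^"]*"[^"]*")*[^"]*$)')


def parse_rule(line):
    """Parse one rule into (header dict, options dict); raise ValueError
    for syntax Snort itself rejects, e.g. an unterminated option block."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("malformed header or unterminated option block")
    header = {k: m.group(k) for k in ("action", "proto", "src", "sport", "dir", "dst", "dport")}
    opts = {}
    for item in OPT_SPLIT_RE.split(m.group("opts")):
        item = item.strip()
        if item:
            key, _, value = item.partition(":")
            opts[key.strip()] = value.strip().strip('"')
    if "sid" not in opts:
        raise ValueError("rule has no sid")
    return header, opts


def check_rules(lines):
    """Return (parsed, errors): parsed rules in order, and a dict mapping
    each rejected line to the reason, so a bad rules file is caught early."""
    parsed, errors = [], {}
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments are not rules
        try:
            parsed.append(parse_rule(line))
        except ValueError as err:
            errors[line] = str(err)
    return parsed, errors
```

Feed it the lines of /etc/snort/rules/icmp.rules and anything in the errors dict is a rule Snort would refuse to load.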

  3. #3
    Join Date
    2013-Aug
    Location
    England
    Posts
    27
    You, sir, are a gentleman. Thank you for taking the time to write such a detailed reply. I've followed what you have said but unfortunately I had no joy. However, I will continue to tinker around with it. Seems a shame that I can't get the thing to work; it would be a nice addition to my network to have an IDS like snort running in a GUI alongside Wireshark.

    Once again, thank you for your reply.

  4. #4
    Join Date
    2014-Feb
    Posts
    1
    I have installed psad + iptables + fail2ban, but I need to know how to install and configure fwsnort in Kali Linux with psad and iptables. Please help.

  5. #5
    Hi, I'm new to this group and also to snort. My doubt is that when the snort action is BLOCK, the signature is triggered in the alert file only the first time for a specific attack. To regenerate it, I need to kill snort and run it again. But when it is in ALERT mode, for each attack of the same type the alert is triggered every time.

    For example: when I run svmap for the first time in BLOCK mode the alert is triggered; when I run the same svmap again the alert is not triggered, even though the attack is prevented from happening.
    But in ALERT mode, for each attempt of svmap (attacking tool) the signature is triggered without running snort again.

    So is this behaviour normal, keeping the snort function in mind, that in drop mode snort blocks the attack and the alert is triggered only once (that is, the first time), or should it be triggered for each attempt?

    I will be highly obliged if somebody helps me out.
    aditya prakash

  6. #6
    Join Date
    2013-Mar
    Location
    canada
    Posts
    28
    I'm trying to install a GUI for snort, following the guidance above. After giving the configure command I get this error:

    ERROR! daq_static library not found, go get it from
    http://www.snort.org/.

    Can someone help? I use 64-bit Kali.

  7. #7
    Join Date
    2013-Dec
    Posts
    2
    Quote Originally Posted by BlAd373
    I'm trying to install a GUI for snort, following the guidance above. After giving the configure command I get this error:

    ERROR! daq_static library not found, go get it from
    http://www.snort.org/.

    Can someone help? I use 64-bit Kali.

    The first hit using google is https://groups.google.com/forum/#!to...rt/qgDSSRsEgVk

    Hope that helps...
    :-)

  8. #8
    Join Date
    2014-May
    Location
    127.0.1.1
    Posts
    22

    snort in wlan0

    I'm glad to see this post because I have a question... since I am not interested in the GUI for snort, how do I enable snort to sniff traffic on wlan0 rather than the seemingly default sniff on eth0? Actually, I'm not picking up any traffic on either interface. What explanation or package/configuration am I missing?

    here's my output:

    Code:
     root@kali:~# snort
    Running in packet dump mode
    
            --== Initializing Snort ==--
    Initializing Output Plugins!
    pcap DAQ configured to passive.
    The DAQ version does not support reload.
    Acquiring network traffic from "eth0".
    Decoding Ethernet
    
            --== Initialization Complete ==--
    
       ,,_     -*> Snort! <*-
      o"  )~   Version 2.9.2.2 IPv6 GRE (Build 121) 
       ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
               Copyright (C) 1998-2012 Sourcefire, Inc., et al.
               Using libpcap version 1.3.0
               Using PCRE version: 8.30 2012-02-04
               Using ZLIB version: 1.2.7
    
    Commencing packet processing (pid=19656)
    After a short time this is the additional output once I killed the process with ctrl+c:

    Code:
     ^C*** Caught Int-Signal
    ===============================================================================
    Run time for packet processing was 118.402001 seconds
    Snort processed 0 packets.
    Snort ran for 0 days 0 hours 1 minutes 58 seconds
       Pkts/min:            0
       Pkts/sec:            0
    ===============================================================================
    Packet I/O Totals:
       Received:            0
       Analyzed:            0 (  0.000%)
        Dropped:            0 (  0.000%)
       Filtered:            0 (  0.000%)
    Outstanding:            0 (  0.000%)
       Injected:            0
    ===============================================================================
    Breakdown by protocol (includes rebuilt packets):
            Eth:            0 (  0.000%)
           VLAN:            0 (  0.000%)
            IP4:            0 (  0.000%)
           Frag:            0 (  0.000%)
           ICMP:            0 (  0.000%)
            UDP:            0 (  0.000%)
            TCP:            0 (  0.000%)
            IP6:            0 (  0.000%)
        IP6 Ext:            0 (  0.000%)
       IP6 Opts:            0 (  0.000%)
          Frag6:            0 (  0.000%)
          ICMP6:            0 (  0.000%)
           UDP6:            0 (  0.000%)
           TCP6:            0 (  0.000%)
         Teredo:            0 (  0.000%)
        ICMP-IP:            0 (  0.000%)
          EAPOL:            0 (  0.000%)
        IP4/IP4:            0 (  0.000%)
        IP4/IP6:            0 (  0.000%)
        IP6/IP4:            0 (  0.000%)
        IP6/IP6:            0 (  0.000%)
            GRE:            0 (  0.000%)
        GRE Eth:            0 (  0.000%)
       GRE VLAN:            0 (  0.000%)
        GRE IP4:            0 (  0.000%)
        GRE IP6:            0 (  0.000%)
    GRE IP6 Ext:            0 (  0.000%)
       GRE PPTP:            0 (  0.000%)
        GRE ARP:            0 (  0.000%)
        GRE IPX:            0 (  0.000%)
       GRE Loop:            0 (  0.000%)
           MPLS:            0 (  0.000%)
            ARP:            0 (  0.000%)
            IPX:            0 (  0.000%)
       Eth Loop:            0 (  0.000%)
       Eth Disc:            0 (  0.000%)
       IP4 Disc:            0 (  0.000%)
       IP6 Disc:            0 (  0.000%)
       TCP Disc:            0 (  0.000%)
       UDP Disc:            0 (  0.000%)
      ICMP Disc:            0 (  0.000%)
    All Discard:            0 (  0.000%)
          Other:            0 (  0.000%)
    Bad Chk Sum:            0 (  0.000%)
        Bad TTL:            0 (  0.000%)
         S5 G 1:            0 (  0.000%)
         S5 G 2:            0 (  0.000%)
          Total:            0
    ===============================================================================
    Snort exiting
    root@kali:~#
    Any input is greatly appreciated.

    Additional info:

    ./sort-conf is not installed (so options such as '-vd' are not available)

    This is the output of running snort on -i wlan0:

    Code:
      root@kali:~# snort -i wlan0
    Running in packet dump mode
    
            --== Initializing Snort ==--
    Initializing Output Plugins!
    pcap DAQ configured to passive.
    The DAQ version does not support reload.
    Acquiring network traffic from "wlan0".
    Decoding Ethernet
    
            --== Initialization Complete ==--
    
       ,,_     -*> Snort! <*-
      o"  )~   Version 2.9.2.2 IPv6 GRE (Build 121) 
       ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
               Copyright (C) 1998-2012 Sourcefire, Inc., et al.
               Using libpcap version 1.3.0
               Using PCRE version: 8.30 2012-02-04
               Using ZLIB version: 1.2.7
    
    Commencing packet processing (pid=20510)
    ^C*** Caught Int-Signal
    ===============================================================================
    Run time for packet processing was 5.383593 seconds
    Snort processed 0 packets.
    Snort ran for 0 days 0 hours 0 minutes 5 seconds
       Pkts/sec:            0
    ===============================================================================
    Packet I/O Totals:
       Received:            0
       Analyzed:            0 (  0.000%)
        Dropped:            0 (  0.000%)
       Filtered:            0 (  0.000%)
    Outstanding:            0 (  0.000%)
       Injected:            0
    ===============================================================================
    Breakdown by protocol (includes rebuilt packets):
            Eth:            0 (  0.000%)
           VLAN:            0 (  0.000%)
            IP4:            0 (  0.000%)
           Frag:            0 (  0.000%)
           ICMP:            0 (  0.000%)
            UDP:            0 (  0.000%)
            TCP:            0 (  0.000%)
            IP6:            0 (  0.000%)
        IP6 Ext:            0 (  0.000%)
       IP6 Opts:            0 (  0.000%)
          Frag6:            0 (  0.000%)
          ICMP6:            0 (  0.000%)
           UDP6:            0 (  0.000%)
           TCP6:            0 (  0.000%)
         Teredo:            0 (  0.000%)
        ICMP-IP:            0 (  0.000%)
          EAPOL:            0 (  0.000%)
        IP4/IP4:            0 (  0.000%)
        IP4/IP6:            0 (  0.000%)
        IP6/IP4:            0 (  0.000%)
        IP6/IP6:            0 (  0.000%)
            GRE:            0 (  0.000%)
        GRE Eth:            0 (  0.000%)
       GRE VLAN:            0 (  0.000%)
        GRE IP4:            0 (  0.000%)
        GRE IP6:            0 (  0.000%)
    GRE IP6 Ext:            0 (  0.000%)
       GRE PPTP:            0 (  0.000%)
        GRE ARP:            0 (  0.000%)
        GRE IPX:            0 (  0.000%)
       GRE Loop:            0 (  0.000%)
           MPLS:            0 (  0.000%)
            ARP:            0 (  0.000%)
            IPX:            0 (  0.000%)
       Eth Loop:            0 (  0.000%)
       Eth Disc:            0 (  0.000%)
       IP4 Disc:            0 (  0.000%)
       IP6 Disc:            0 (  0.000%)
       TCP Disc:            0 (  0.000%)
       UDP Disc:            0 (  0.000%)
      ICMP Disc:            0 (  0.000%)
    All Discard:            0 (  0.000%)
          Other:            0 (  0.000%)
    Bad Chk Sum:            0 (  0.000%)
        Bad TTL:            0 (  0.000%)
         S5 G 1:            0 (  0.000%)
         S5 G 2:            0 (  0.000%)
          Total:            0
    ===============================================================================
    Snort exiting
    root@kali:~#
    The current documentation I am following for all snort related commands is the snort user manual: http://s3.amazonaws.com/snort-org/ww...ort_manual.pdf

    UPDATE: Everything is working fine now...I never visited a page to test my configuration. "nooby-mistake.sh"
    Last edited by OS-13115; 2014-06-05 at 06:02. Reason: additional information
    "Great understanding comes to those who find questions and question answers."

  9. #9
    Join Date
    2013-Mar
    Location
    canada
    Posts
    28
    Quote Originally Posted by majickmann
    The first hit using google is https://groups.google.com/forum/#!to...rt/qgDSSRsEgVk

    Hope that helps...
    :-)
    Thank you so much
