Snorting up intrusion detection

* Dr. Internet columnist Steve Blass answers a reader's question regarding running Snort IDS on Windows

To learn more about keeping our network from being compromised, we subscribed to a security mailing list. We have read about the Snort intrusion-detection system. Can we run it on a Windows system and use it to monitor the network?

Yes, Snort runs on Windows. The Snort home page even lets you download a pre-compiled Windows binary, so you don't have to build the program from source code.

You should also get a copy of the Snort Users Manual and the Windows Guide, which explains that a packet capture driver must be installed before Snort can see any traffic. WinPcap or packet2k will do the job. One caveat the guide won't spell out: on a switched network the Snort box only sees its own traffic unless its interface is plugged into a hub or a mirror (SPAN) port on the switch, so decide where to attach the machine before you start watching for alerts.

Snort operates in three modes. You can use it as a sniffer that displays every packet on the wire on your screen, or as a packet logger that writes copies of those packets to files on your disk. The third mode, network intrusion detection, is the one covered at length in the user manual. In this mode Snort reads its configuration file (snort.conf), which sets variables such as your home network and includes one or more rule files, and it compares every packet against those rules to decide which ones represent intrusion attempts; matches are written as alerts to the log directory.
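The following PowerShell walk-through is an added example and is not from the column or from the Snort project: it shows the command-line switches for each of the three modes and builds a minimal snort.conf plus one local rule for the detection mode. Everything path- or network-specific is an assumption: Snort installed under C:\Snort with snort.exe in C:\Snort\bin, WinPcap already installed, interface index 1 as the monitored adapter, 192.168.1.0/24 as the home network, and a hypothetical telnet rule with a locally chosen SID.

```powershell
# Added example, not the column's or Snort's own code. Assumptions (not from
# the original): Snort lives in C:\Snort, WinPcap is installed, adapter
# index 1 faces the monitored segment, home network is 192.168.1.0/24.
$snort   = 'C:\Snort\bin\snort.exe'
$workDir = 'C:\Snort\ids-demo'
$logDir  = Join-Path $workDir 'log'
New-Item -ItemType Directory -Force -Path $logDir | Out-Null

# 0. Pick the interface. -W is a Windows-only switch that lists the
#    capture-capable adapters with the index numbers -i expects.
& $snort -W
$iface = 1   # assumed index of the adapter on the monitored segment

# 1. Sniffer mode: -v prints TCP/IP headers, -d adds the application-layer
#    payload, -e adds the Ethernet header. Stop it with Ctrl-C.
#    & $snort -v -d -e -i $iface

# 2. Packet logger mode: -l writes packets under $logDir; -b stores them in
#    binary tcpdump format instead of one ASCII directory per host, which
#    is much faster and keeps the original packets for later analysis.
#    & $snort -i $iface -l $logDir -b

# 3. NIDS mode. snort.conf carries variables and includes the rule files;
#    the rules themselves live in separate .rules files.
$rules = Join-Path $workDir 'local.rules'
@'
# Assumed demo rule: alert on any TCP SYN to port 23 inside our network.
# SIDs from 1000000 upward are reserved for locally written rules.
alert tcp any any -> $HOME_NET 23 (msg:"Inbound telnet connection attempt"; flags:S; sid:1000001; rev:1;)
'@ | Set-Content -Path $rules -Encoding ASCII

$conf = Join-Path $workDir 'snort.conf'
@"
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET !`$HOME_NET
include $rules
"@ | Set-Content -Path $conf -Encoding ASCII

# -T parses the configuration and rules and exits without sniffing, so a
# typo in a rule is caught before the sensor goes live.
& $snort -T -c $conf -i $iface

# Live detection: -c loads the config, -l sets the log directory, and
# -A fast writes one-line alerts to $logDir\alert.ids.
# & $snort -c $conf -i $iface -l $logDir -A fast
```

Run the commented-out lines one at a time; each of the three modes takes over the console until you press Ctrl-C, so they are not meant to run back to back from a script. The -T check is worth keeping in any startup procedure, because Snort refuses to start on a malformed rule and a sensor that silently fails to start is worse than one that alerts too much.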

Writing Snort rules is explained in detail on the Web site.