30

Chapter 2     Installing Snort and Getting Started

the latest version of Snort from its web site (http://www.snort.org/). Just look for the

 download  link and grab the latest version of the software. At the time of writing this

book, the latest version was 1.9.0. The downloadable file name is snort 

1.9.0.tar.gz, which can be saved  in the /opt directory on the Linux box. Note that

the installation method is similar for other versions which may be available by the time

you read this book.

N O T E  You must have libpcap installed on your UNIX machine or WinPcap if you

are using Microsoft Windows. You can get WinPcap from http://winpcap.polito.it/. Lib 

pcap is available from http://www nrg.ee.lbl.gov/.

2.2.2.1

Unpacking

The first step after downloading is unpacking the source code. Use the following

command to unpack it:

tar zxvf snort 1.9.0.tar.gz

This will create a directory /opt/snort 1.9.0, assuming that you have downloaded

the file in /opt directory and have run the tar command in this directory. In case of

other versions of Snort, the directory name will be different and will reflect the ver 

sion number. After unpacking you can see the directory tree created by the tar com 

mand using the 

tree

 command. The following is a snapshot of directories present

under /opt/snort 1.9.0 directory.

[root@conformix opt]# tree  d snort 1.9.0

snort 1.9.0

|   contrib

|   doc

|   etc

|   rules

|   src

|   |   detection plugins

|   |   output plugins

|   |   preprocessors

|       win32

|       |   WIN32 Code

|       |   WIN32 Includes

|       |   |   NET

|       |   |   NETINET

|       |   |   libnet

|       |   |   mysql

|       |       rpc

|       |   WIN32 Libraries

|       |   |   libnet