To set up our system environment we needed to install several programs on the different machines. Some of these programs are installed on every machine and some on specific machines only. In this section we illustrate, step by step, how we configured each host in our architecture.
Installing and configuring NIDS includes:
Installing the WinPcap packet capture library
Installing packet sniffer (Ethereal)
Installing Snort
Installing IDScenter
Installing MySQL DB
Installing and configuring Attacker includes:
Installing the WinPcap packet capture library
Installing packet sniffer (Ethereal)
Installing packet generator (Packet Excalibur)
Installing and configuring Target includes:
Installing the WinPcap packet capture library
Installing packet sniffer (Ethereal)
Installing packet generator (Packet Excalibur)
Installing MS IIS web server, FTP server, SMTP service, etc.
Host NIDS is the first server and the most important one: it runs the Snort IDS along with its supporting tools. In the following subsections we explain, step by step, how to set up NIDS with WinPcap, Snort, IDScenter, and Ethereal and get them running for our experiment.
Why WinPcap?
WinPcap (Windows Packet Capture Library) is a packet-capture driver. Functionally, this means that WinPcap grabs packets from the network wire and hands them to capture applications such as Snort and WinDump. WinPcap is the Windows port of libpcap, the capture library Snort uses when it runs on Linux.
The WinPcap driver performs the following functions for Snort:
Obtain a list of operational network adapters and retrieve information about the adapters.
Sniff packets using one of the adapters that you select.
Save packets to the hard drive (or, more importantly for us, hand them to Snort).
Installation steps of WinPcap:
Download WinPcap_3_1_auto-installer.exe (drivers and DLLs) to the local disk from http://www.winpcap.org/install/default.htm.
Run the executable file.
Follow the instructions on the screen. The installer automatically detects the operating system and installs the correct drivers. If you see a dialog like Fig. 4.1.1 (Windows warning that the driver has not passed Windows Logo testing), simply ignore it and click "Continue Anyway".
Fig. 4.1.1 Possible Error Prompt
The WinPcap-based applications are now ready to work.
You might be prompted to reboot your machine (on some Windows versions).
After the system is rebooted, the installation of the driver can be verified by opening "Network Connections" from the Control Panel and checking the properties of the LAN connection. If the driver is properly installed, the properties should look like Fig. 4.1.2.
Fig. 4.1.2 Verification for Proper winPcap Installation
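The same check can be scripted, which is handy when several hosts (NIDS, Attacker, Target) all need WinPcap. The following PowerShell script is an added example and not part of the original setup; it assumes WinPcap's user-mode DLLs (wpcap.dll, Packet.dll) were installed under %SystemRoot%\System32, that the kernel driver npf.sys sits under System32\drivers, and that the driver is registered as the Windows service "NPF". Paths may differ for other WinPcap versions or 64-bit systems.

```powershell
# Added example (not from the original thesis): verify a WinPcap installation from
# the command line instead of the Network Connections properties dialog.
# Assumed locations: %SystemRoot%\System32 for the DLLs, System32\drivers for npf.sys,
# and the service name "NPF" for the kernel driver.

$sys32 = Join-Path $env:SystemRoot 'System32'
$checks = @(
    @{ Name = 'wpcap.dll  (libpcap-compatible API used by Snort/Ethereal)'; Path = Join-Path $sys32 'wpcap.dll' },
    @{ Name = 'Packet.dll (low-level packet driver API)';                  Path = Join-Path $sys32 'Packet.dll' },
    @{ Name = 'npf.sys    (NPF kernel capture driver)';                     Path = Join-Path $sys32 'drivers\npf.sys' }
)

$ok = $true
foreach ($c in $checks) {
    if (Test-Path $c.Path) {
        $ver = (Get-Item $c.Path).VersionInfo.FileVersion
        Write-Host ("[OK]      {0} -> {1} (version {2})" -f $c.Name, $c.Path, $ver)
    } else {
        Write-Host ("[MISSING] {0} expected at {1}" -f $c.Name, $c.Path)
        $ok = $false
    }
}

# The NPF driver is the component bound to the LAN connection in Fig. 4.1.2.
# If the service is not registered at all, the driver install failed. A status of
# "Stopped" is normal when the driver is demand-start and no capture tool is running.
$svc = Get-Service -Name 'NPF' -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    Write-Host '[MISSING] NPF service is not registered'
    $ok = $false
} elseif ($svc.Status -ne 'Running') {
    Write-Host ("[INFO]    NPF service is registered but {0} (starts on demand, or run: sc start npf)" -f $svc.Status)
} else {
    Write-Host '[OK]      NPF service is running'
}

if ($ok) {
    Write-Host 'WinPcap appears to be installed correctly.'
} else {
    Write-Host 'WinPcap installation is incomplete; reinstall before running Snort or Ethereal.'
    exit 1
}
```

Once the script reports all components present, a further end-to-end check is to list the adapters WinPcap exposes (for example with `snort -W` once Snort is installed); an empty list means the driver is present but not bound to any interface.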
Note: WinPcap can also be installed as part of the Ethereal installation (next subsection 4.1.2), but we wanted to separate the WinPcap installation to highlight what WinPcap is, why we need it, and to be more specific in our installation. Many people think WinPcap is part of Ethereal, but it is not.