


Windows XP Pro SP2, Snort 2.8.6, MySQL and BASE for Fun





The following hands-on tutorial provides a complete and working installation and setup for the following items:


  1. Windows XP Pro SP2 – Operating System

  2. Internet Information Services (IIS) version 5.1 – Web server for the Windows platform

  3. PHP version 5.2.xx – PHP parsing engine for Windows

  4. Snort version 2.8.6 – Intrusion Detection System, packet sniffer

  5. WinPcap version 4.1.1 – Windows packet capture library

  6. MySQL version 5.x.x – Open-source database

  7. BASE version 1.4.5 – Snort GUI, web-based packet analysis tool

  8. ADODB version 511 – BASE's ADO database abstraction layer

  9. Perl (ActivePerl) version 5.10.1 – Perl parsing engine for Windows, needed by Oinkmaster

  10. Oinkmaster version 2.0 – Rules update tool for Snort


Sub-topics that we will cover in this very long session are listed below. Items 62 to 64 are the example Oinkmaster configurations for the different Snort rule sets.





  1. Windows XP Pro SP2 and IIS 5.1

  2. Install IIS Windows Component

  3. The IIS Snap-in:  Configuring IIS

  4. Testing Webpage on IIS

  5. PHP 3.5.2, Windows XP Pro SP 2 and IIS 5.1

  6. Download and Install PHP

  7. Editing the php.ini Config File

  8. Running PHP Commands from Windows Console

  9. Configuring IIS to Parse PHP files/extensions using FastCGI

  10. Testing the IIS Web Server with PHP Files

  11. Blank Webpage Problem

  12. Working PHP Engine Example

  13. PHP and PEAR/PECL

  14. The PHP Extension Community Library (PECL)

  15. Configuring and Updating PEAR package

  16. Running the pear Command from Windows Console

  17. The WinPcap and Windows XP Pro SP2

  18. WinPcap Download and Installation

  19. Verifying WinPcap Installation

  20. Windows Network Monitor Capture Utility (Netcap)

  21. Barnyard: Alternative Snort Output System

  22. Snort, Win XP Pro SP2, PHP and WinPcap

  23. Editing the Snort.conf Config File

  24. Download and Install Snort Rules

  25. Testing Snort from Windows Console

  26. Testing Snort Config File

  27. Running Snort from any Windows Path

  28. Snort in Sniffer mode

  29. Snort as Packet Logger

  30. The Not Using PCAP_FRAMES message

  31. Snort and MySQL Database

  32. Creating Snort Databases

  33. Creating Snort’s User Accounts

  34. Creating Table for Snort in mysnort and archive Databases

  35. Snort and MySQL Logging

  36. Testing the New Snort Configuration

  37. Configuring Snort as a Service (THIS ONE FAILED!)

  38. Testing mySQL Connection with PHP Code

  39. PHP and MySQL Error

  40. Snort and Basic Analysis and Security Engine (BASE)

  41. Download and Install

  42. Download and Install ADODB

  43. Editing PHP.ini File

  44. Editing BASE’s Config File

  45. Adding Additional Snort Database Tables for BASE

  46. Download and Install Additional PHP Extensions

  47. Testing BASE and Snort

  48. BASE and MySQL Errors

  49. More Errors

  50. Oinkmaster

  51. Perl for Windows (ActivePerl Community Edition)

  52. Download and Install Perl for Windows

  53. Running Perl from Windows Console

  54. Testing the Perl Engine

  55. Setting-up Perl Script Example for IIS Server

  56. Running the Windows Script Host (WSH)

  57. Installing and Configuring Oinkmaster

  58. Running the Oinkmaster GUI

  59. Updating Tk Package

  60. Configuring Oinkmaster from Oinkmaster GUI

  61. Getting the Oinkmaster Code

  62. Example for Snort

  63. Example for Snort

  64. Example for Snort 2.8 (this rule set will be deprecated in June 2010)

  65. Continue on Configuring Oinkmaster

  66. Updating Snort Rules using Oinkmaster

  67. Further Reading and Fun Activities

  68. Single PDF file of this very long tutorial (~12MB; right-click and choose Save Link As... Note that the external links in the PDF are not updated.)


Hopefully, this tutorial can provide a 'baseline' for a Snort and BASE setup on other Windows platforms, which is quite difficult to find, as can be seen at the Snort forum and WinSnort (Snort for Windows - http://www.winsnort.com/), or at least you can have some FUN! Although the setup can be considered 'complete', a lot more refinement is needed, mainly in the security aspects, because a real setup is normally done on a production web host rather than a lab machine.



