Building an ethical hacking lab on your laptop with VirtualBox – Part 3 Linux Mint Snort IDS – Installing DAQ & Snort

Following on from the previous tutorial, where we installed Linux Mint and updated it, it is now time to install DAQ, which stands for ‘Data AcQuisition library’. DAQ replaces direct calls to the packet capture libraries with an abstraction layer, which makes it easy to add software or hardware packet capture implementations later on without having to recompile the Snort core. Snort will also be built from source.

First you need to install a few packages:

sudo apt-get install -y build-essential libpcap-dev libpcre3-dev libdumbnet-dev bison flex zlib1g-dev

33 - Install some packages required to build snort from source


It should finish without error, as shown below.

34 - packages installed without error


Next, create a directory called snort_source, then download DAQ and run configure, make and make install to build and install it from source. You can do this simply by copying and pasting the commands below into your terminal:

mkdir ~/snort_source
cd ~/snort_source
wget https://www.snort.org/downloads/snort/daq-2.0.5.tar.gz
tar -xvzf daq-2.0.5.tar.gz
cd daq-2.0.5
./configure
make
sudo make install

35 - Install daq from source 1


Extract:

tar -xvzf daq-2.0.5.tar.gz

35 - Install daq from source 2


cd daq-2.0.5
./configure

35 - Install daq from source 3


Finished ./configure

35 - Install daq from source 4


make

35 - Install daq from source 5


Finished make

35 - Install daq from source 6


sudo make install

35 - Install daq from source 7


When it finishes without error, it will look like the following:

35 - Install daq from source 8


Installing Snort from source is very similar to installing DAQ:

cd ~/snort_source
wget https://www.snort.org/downloads/snort/snort-2.9.7.3.tar.gz
tar -xvzf snort-2.9.7.3.tar.gz
cd snort-2.9.7.3
./configure --enable-sourcefire
make
sudo make install

The --enable-sourcefire flag enables Packet Performance Monitoring (PPM), which is how the Snort team builds Snort from source.

36 - Install snort from source 1


Extract:

tar -xvzf snort-2.9.7.3.tar.gz

36 - Install snort from source 2


cd snort-2.9.7.3
./configure --enable-sourcefire

36 - Install snort from source 3


Make finishes without error

36 - Install snort from source 4


sudo make install looks like the following

36 - Install snort from source 5


sudo ldconfig    # creates the necessary links and cache

sudo ln -s /usr/local/bin/snort /usr/sbin/snort    # -s creates a symbolic link at /usr/sbin/snort pointing to the binary in /usr/local/bin

/usr/sbin/snort -V    # tests that the snort binary runs; -V shows the version number

36 - Install snort from source 6
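
Both tarballs above are compiled and installed with sudo straight after being fetched with wget. As an added example (not part of the original tutorial), the shell functions below check a tarball's SHA-256 against a value you obtained from a source you trust before extracting and building it. The function names and the `<...-sha256>` placeholders are assumptions; this page does not list the hashes.

```shell
#!/bin/sh
# Added example: refuse to build a source tarball whose SHA-256 does not match
# a value obtained from a source you trust. Helper names are hypothetical.

# Print the lowercase hex SHA-256 of a file.
sha256_of() {
    sha256sum < "$1" | awk '{print $1}'
}

# verify_tarball FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 on missing file or malformed hash.
verify_tarball() {
    local file="$1"
    local expected="$2"
    local actual
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # Reject anything that is not exactly 64 hex digits (e.g. an unfilled placeholder).
    case "$expected" in
        *[!0-9a-fA-F]*|"") echo "malformed SHA-256: $expected" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed SHA-256: $expected" >&2; return 2; }
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $file (got $actual)" >&2
        return 1
    fi
}

# build_verified URL EXPECTED_SHA256 [configure options...]
# Download, verify, extract, configure, make, install; stop at the first failure.
build_verified() {
    local url="$1"
    local expected="$2"
    shift 2
    local file="${url##*/}"
    local dir="${file%.tar.gz}"
    wget -q -O "$file" "$url" || return 3
    verify_tarball "$file" "$expected" || return $?
    tar -xzf "$file" && cd "$dir" &&
        ./configure "$@" && make && sudo make install
}

# Usage with the tutorial's URLs; the hashes are placeholders to fill in:
#   cd ~/snort_source
#   ( build_verified https://www.snort.org/downloads/snort/daq-2.0.5.tar.gz '<daq-sha256>' )
#   ( build_verified https://www.snort.org/downloads/snort/snort-2.9.7.3.tar.gz '<snort-sha256>' --enable-sourcefire )
```

The parentheses in the usage lines run each build in a subshell, so the `cd` into the extracted directory does not change your working directory.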


That’s DAQ and Snort installed from source. In the next tutorial we will start to configure Snort.

 
