barns.blog

Today I set about performing the following tasks:

• Setting up and Running Snort
• Testing Snort with a few Simple Scans
• Using InetVis with NULL Interface Traffic

I succeeded in setting up Snort and running it with just the sfportscan preprocessor. The README states that it is designed to match against Nmap scans and I attempted to get it to alert on these, but discovered that it doesn’t alert on a number of these scans.

In an attempt to use Nmap scans tartgeted at a FreeBSD disc Interface, I set about modifying InetVis to accept more than just Ethernet frames. This was a “Bad Idea”™. With some help from Nick and Wiresharks text2pcap tool, I wrote a program which converts a disc interface tcpdump file to text which can be processed by text2pcap to produce a file of Ethernet frames. This loads correctly into Wireshark, but still does not produce output in the Windows version of InetVis. I think that it is a bug…

I struggled to use C++ after such a long time of not using it, but it certainly improved as the afternoon wore on.

Ok, so I really struggled to get VIX working with perl on Windows, but have finally sorted it out. First of all, its NOT installed by default. Only the C bindings are. So I had to go compile it. That worked ok., but then it still didn’t work. So I had to do this:

• Add the vix_perl directory to the system path.
• Create a perl.exe.manifest file in perl/bin which contains version information about the C libraries needed.

(See: http://www.vmware.com/community/thread.jspa?threadID=100057&tstart=0)