Snort and Wireshark

Discussion in 'Networks' started by Fluid, Jul 25, 2007.

  1. Fluid

    Fluid Byte Poster

    I was wondering, are these two pieces of software the same? Has one got any advantages over the other one? Which one do you use and why? I installed Wireshark last night and I didn't have a clue how to use it. Will be reading the tutorials on here when I get home. Also I noticed something else as well... first I went to download Ethereal, which was 12MB, then I realised that it's now called Wireshark, then I went to download Wireshark... which was under 1MB... why the big difference?
     
  2. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    AFAIK Snort is only for Linux boxes, although I think there was a Snort for Windows under development.
     
  3. zebulebu

    zebulebu Terabyte Poster

    Snort and Wireshark - although they can perform similar functions - are completely different. Whilst Wireshark is an excellent packet sniffer and analyser - that's ALL it is. It allows you to capture and interpret network traffic. Snort is a fully-functional open-source IDS - providing features that you would usually have to pay thousands - if not TENS of thousands of pounds for in a commercial product. Comparing the two is like comparing a bicycle to a Ferrari.

    Not sure why your download was only 1MB - the full Wireshark download is around 12MB (Wireshark is, as you probably know, the 'evolution' of Ethereal - which was comparable in size). I suggest that you probably either got a corrupt, half-finished download, or have downloaded something bogus masquerading as Wireshark. The full, bona fide download can be found here
     
    Certifications: A few
    WIP: None - f*** 'em
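To make the sniffer-versus-IDS distinction above concrete, here is an added example (not code from the thread, and not Snort's own engine): a toy matcher that reads a handful of Snort-style rules and fires alerts on constructed packets. A sniffer like Wireshark stops at decoding the packets; the extra step an IDS adds is matching them against signatures and raising alerts. The rule syntax supported is a small subset (no `$HOME_NET` variables, `!` negation, or content modifiers), and the rules, SIDs in the local 1000000+ range, IP addresses and packets are all made up for the demo.

```python
# Added example: a toy matcher for Snort-style rules, to show what an IDS does on
# top of plain packet capture. Only a small subset of the rule language is handled,
# and every rule, SID and packet below is constructed for the demo (not real data).
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Packet:            # what a sniffer hands you after decoding the headers
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


@dataclass
class Rule:              # the parts of a Snort rule this demo understands
    action: str
    proto: str
    src: str
    sport: str
    direction: str
    dst: str
    dport: str
    msg: str = ""
    sid: int = 0
    contents: List[bytes] = field(default_factory=list)


# rule header: action proto src sport direction dst dport (options)
RULE_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")


def parse_content(text: str) -> bytes:
    """Snort content strings mix literal text with |hex bytes| between pipes."""
    out = bytearray()
    for i, part in enumerate(text.split("|")):
        out += part.encode("latin-1") if i % 2 == 0 else bytes.fromhex(part)
    return bytes(out)


def parse_rule(line: str) -> Rule:
    """Parse one rule line; only msg, content and sid options are kept (msg must not contain ';')."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    action, proto, src, sport, direction, dst, dport, opts = m.groups()
    rule = Rule(action, proto.lower(), src, sport, direction, dst, dport)
    for opt in opts.split(";"):
        key, _, val = opt.strip().partition(":")
        key, val = key.strip(), val.strip()
        if key == "msg":
            rule.msg = val.strip('"')
        elif key == "content":
            rule.contents.append(parse_content(val.strip('"')))
        elif key == "sid":
            rule.sid = int(val)
    return rule


def match_addr(spec: str, ip: str) -> bool:
    """'any', a single address or a CIDR block."""
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def match_port(spec: str, port: int) -> bool:
    """'any', a single port, or a lo:hi range (either end may be left empty)."""
    if spec == "any":
        return True
    if ":" in spec:
        lo, hi = spec.split(":", 1)
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return int(spec) == port


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != pkt.proto.lower():
        return False
    fwd = (match_addr(rule.src, pkt.src) and match_port(rule.sport, pkt.sport)
           and match_addr(rule.dst, pkt.dst) and match_port(rule.dport, pkt.dport))
    rev = (rule.direction == "<>"                      # bidirectional rules match either way round
           and match_addr(rule.src, pkt.dst) and match_port(rule.sport, pkt.dport)
           and match_addr(rule.dst, pkt.src) and match_port(rule.dport, pkt.sport))
    # every content: pattern must occur somewhere in the payload
    return (fwd or rev) and all(c in pkt.payload for c in rule.contents)


def run_ids(rules: List[Rule], packets: List[Packet]) -> List[Tuple[int, str, str]]:
    """Return (sid, msg, flow) for every rule hit, in packet order."""
    alerts = []
    for pkt in packets:
        for rule in rules:
            if rule.action == "alert" and matches(rule, pkt):
                alerts.append((rule.sid, rule.msg, f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}"))
    return alerts


# Constructed rules (local SID range), not entries from any real Snort ruleset.
DEMO_RULES = [
    'alert tcp any any -> any 80 (msg:"WEB path traversal to /etc/passwd"; content:"GET "; content:"/etc/passwd"; sid:1000001;)',
    'alert tcp any any -> 10.0.0.0/8 22 (msg:"SSH banner to internal host"; content:"SSH-"; sid:1000002;)',
    'alert udp any any -> any 53 (msg:"DNS query for example.test"; content:"|01 00 00 01|"; content:"example"; sid:1000003;)',
]

# Constructed packets using documentation/private address ranges, not a real capture.
DEMO_PACKETS = [
    Packet("tcp", "192.168.1.10", 51234, "198.51.100.7", 80, b"GET /../../etc/passwd HTTP/1.0\r\n\r\n"),
    Packet("tcp", "192.168.1.10", 51235, "198.51.100.7", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Packet("tcp", "203.0.113.5", 40000, "10.1.2.3", 22, b"SSH-2.0-OpenSSH_8.9\r\n"),
    Packet("tcp", "203.0.113.5", 40001, "172.16.0.1", 22, b"SSH-2.0-OpenSSH_8.9\r\n"),   # outside 10/8: no alert
    Packet("udp", "192.168.1.10", 5353, "192.168.1.1", 53,
           b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x04test\x00\x00\x01\x00\x01"),
]


def demo() -> List[Tuple[int, str, str]]:
    return run_ids([parse_rule(r) for r in DEMO_RULES], DEMO_PACKETS)


if __name__ == "__main__":
    for sid, msg, flow in demo():
        print(f"[**] [1:{sid}:0] {msg} [**] {flow}")
```

Running it prints three alerts (SIDs 1000001, 1000002 and 1000003) and stays quiet on the benign GET and on the SSH banner to 172.16.0.1, which is the point: the capture side sees all five packets equally, and it is the rule engine that decides which ones are worth an alert.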
  4. zebulebu

    zebulebu Terabyte Poster

    Si - Snort is platform independent. I have three Snort IDS boxes running at work on Windows - using the excellent WinSnort All-In-One package. This is a full install of Snort, together with full support for a graphical front end (BASE) running PHP via either Apache or IIS, and logging to a back end DB - supporting MySQL or SQL Server.

    Incidentally, in most cases a solution like this has the snazzy 'LAMP' acronym (Linux, Apache, MySQL, PHP). I guess in this case you could call it 'WIMP' or 'WAMP' :biggrin
     
    Certifications: A few
    WIP: None - f*** 'em
  5. Fluid

    Fluid Byte Poster

    Windows 2000/XP/2003/Vista Installer (.exe)

    * Wiretapped (http, au)

    I downloaded that one from www.wireshark.org

    Is Snort hard to use? Are there tutorials out there for it? I will be running it on Windows 2003
     
