Preparing for the Installation

Before you can install Snort 2.1, you need to ensure that you have everything you need to make sure the system is ready for the installation. Snort will not install and function properly if the environment is not hospitable.

Installing pcap

libpcap is a packet capture library for Linux systems. What is unique about this library is that it can capture packets destined for the local hosts, and can also pick up packets destined for other hosts on the network. This, in essence, means that you can place a machine in a strategic location on your network and have it analyze the packets that travel through (for a quick example, see Figures 3.1 and 3.2). Snort requires this library to function, and it is best to download the newest version of it every time you install or upgrade Snort. The benefits of getting the newest release are twofold: you will realize increased stability and speed running the program. Even if your system already has a version of pcap (such as Red Hat Linux) you should follow this advice.