CRC-Blogs

Debugging Snort 2.9.13 on Visual Studio Code 1.38.1 (Step by Step Guide)

To dig into the code flow and analysis of Snort, we can use Visual Studio Code (vscode) as the debugger. In this guide you will learn how to install the latest version of Visual Studio Code (version 1.38.1 on the date of writing this blog) on Ubuntu 18.10. Then you will learn how to debug Snort in Visual Studio Code.

 

STEP 1: Installing Visual Studio Code 1.38.1 on Ubuntu 18.10

  • Navigate to ‘Show Applications’ menu from the taskbar and open ‘Ubuntu Software’ application.
  • Search for Visual Studio Code and you’ll get a list of applications. Select Visual Studio Code and Install.

  • For debugging Snort, we need to run Visual Studio Code as the root user. The following terminal command will do the trick.

            sudo code --user-data-dir="/root/.vscode"

  • Visual Studio Code will launch with a (superuser) label on top as shown below

 

STEP 2: Debugging Snort for Code Flow and Analysis

  • Download and install Snort and its dependencies from https://www.snort.org
  • Launch Visual Studio Code as ‘superuser’ (explained above)
  • Click on File → Open Folder

  • Select folder named snort-2.9.13.
  • After the Snort folder has opened in Visual Studio Code, we need to configure the launch.json file to run Snort.
  • Click on debug button (the one with bug icon) on the left panel.

  • Debug window will open. Now click on launch.json button (gear icon) as shown below.

  • Launch.json file will open. Now we need to provide the Snort executable path in this file i.e.

 "program": "${workspaceFolder}/src/snort"

  • Please follow configurations shown below
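
A launch.json along these lines would work, given here as an added example rather than the configuration from the original post. It assumes the Microsoft C/C++ extension (which provides the "cppdbg" debugger type), gdb at /usr/bin/gdb, a Snort build with debug symbols, a config file at /etc/snort/snort.conf, and a placeholder capture file named sample.pcap in the workspace.

```jsonc
{
    // Added example, not the original post's configuration.
    // Assumptions: C/C++ extension installed ("cppdbg"), gdb present,
    // Snort configured with debug symbols (e.g. CFLAGS="-g -O0").
    "version": "0.2.0",
    "configurations": [
        {
            "name": "Debug Snort (pcap replay)",
            "type": "cppdbg",
            "request": "launch",
            // Executable path given in the guide
            "program": "${workspaceFolder}/src/snort",
            "args": [
                "-c", "/etc/snort/snort.conf",           // assumed config location
                "-r", "${workspaceFolder}/sample.pcap",  // placeholder capture file
                "-A", "console",                         // print alerts to the debug console
                "-k", "none",                            // skip checksum verification on replayed packets
                "-q"                                     // suppress the startup banner
            ],
            // Break at main() so the code flow can be stepped from the start
            "stopAtEntry": true,
            "cwd": "${workspaceFolder}",
            "environment": [],
            "externalConsole": false,
            "MIMode": "gdb",
            "miDebuggerPath": "/usr/bin/gdb",
            "setupCommands": [
                {
                    "description": "Enable pretty-printing for gdb",
                    "text": "-enable-pretty-printing",
                    "ignoreFailures": true
                }
            ]
        }
    ]
}
```

Replaying a capture with `-r` keeps each debugging run repeatable while stepping through the code; replace it with `-i <interface>` to debug against live traffic.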