Reference: https://discussions.apple.com/thread/4473229?tstart=0
sudo port install hwloc luajit
curl -L -O https://www.snort.org/downloads/snort/daq-2.0.6.tar.gz
curl -O -L https://www.snort.org/downloads/snort/md5s
openssl md5 daq-2.0.6.tar.gz
./configure --with-libpcap-libraries=/opt/local/lib --disable-ipfw-module
make
sudo make install
Make sure to compile in a directory with no spaces in the path name and use the native gcc compiler, not the Macports compiler.
curl -O -L https://www.snort.org/downloads/snort/snort-2.9.11.tar.gz
openssl md5 snort-2.9.11.tar.gz
cat md5s
cd /tmp # build in a directory with no spaces in the path name
tar xfp ~/Downloads/snort-2.9.11.tar.gz
cd snort-2.9.11.tar.gz
export PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/opt/local/bin:/opt/local/sbin # use native gcc
./configure --enable-gre --enable-mpls --enable-targetbased --enable-ppm --enable-perfprofiling --enable-active-response --enable-normalizer --enable-reload --enable-react --enable-flexresp3 --with-daq-libraries=/usr/local/lib --with-daq-includes=/usr/local/include --prefix=/usr/local
make -j 4
sudo make install
sudo mkdir -p /usr/local/etc/snort
cd /usr/local/etc/snort
sudo tar xfpvz ~username/Downloads/snortrules-snapshot-29110.tar.gz
Edit snort.conf.
sudo /usr/local/bin/snort -d -e -i en0 -c /usr/local/etc/snort/snort.conf