Date:      Fri, 12 Jul 2002 15:07:09 +0400
From:      dawnshade <h-k@mail.ru>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re[2]: Snort problem.
Message-ID:  <173572106055.20020712150709@mail.ru>
In-Reply-To: <20020712102548.GH21554@brel.com>
References:  <60550254524.20020712090257@mail.ru> <20020712053845.GA89208@i-sphere.com> <29552793875.20020712094517@mail.ru> <1026465184.3d2e9da02c762@webmail.sambolian.net.nz> <108568184025.20020712140147@mail.ru> <20020712102548.GH21554@brel.com>

Hello Calvin,

Friday, July 12, 2002, 2:25:48 PM, you wrote:

CN> Greetings,

CN>   I am assuming we are not talking about a switched network here.
CN>   And that the listen interface (cp0) can actually see all traffic.

CN>   run it in tcpdump mode, and see that it really is collecting 
CN>   network data.

CN>   or, deliberately run a probe/scan against host mx and see if 
CN>   snort generates an alert.

CN> Regards,
CN> /calvin

:>> >> f> On Fri, Jul 12, 2002 at 09:02:57AM +0400, dawnshade wrote:
:>> >> >>  I have a little problem:
:>> >> >>  install, configure snort (1.8.6 (Build 105)).
:>> >> >>  Run: /usr/local/bin/snort -c /usr/local/etc/snort/snort.conf -s -A full -d -D -l /usr/log/snort
:>> >> >> 
:>> >> >>  But the snort does nothing: not log or alert scans, portscans,
:>> >> >>  etc....
:>> >> >> 
:>> >> >>  Thanks to all in advance.


Yes, interface cp0 - external.

BUT: snort analyzed 0 packets!!!!! Why???

su-2.05a# snort -v
Log directory = /var/log/snort

Initializing Network Interface cp0

        --== Initializing Snort ==--
Decoding PPP on interface cp0

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8.7 (Build 128)
By Martin Roesch (roesch@sourcefire.com, www.snort.org)
^C

===============================================================================
Snort analyzed 0 out of 1476 packets, The kernel dropped 0(0.000%) packets

Breakdown by protocol:                Action Stats:
    TCP: 0          (0.000%)          ALERTS: 0         
    UDP: 0          (0.000%)          LOGGED: 0         
   ICMP: 0          (0.000%)          PASSED: 0         
    ARP: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 0          (0.000%)
DISCARD: 0          (0.000%)
===============================================================================
Fragmentation Stats:
Fragmented IP Packets: 0          (0.000%)
    Fragment Trackers: 0         
   Rebuilt IP Packets: 0         
   Frag elements used: 0         
Discarded(incomplete): 0         
   Discarded(timeout): 0         
  Frag2 memory faults: 0         
===============================================================================
TCP Stream Reassembly Stats:
        TCP Packets Used: 0          (0.000%)
         Stream Trackers: 0         
          Stream flushes: 0         
           Segments used: 0         
   Stream4 Memory Faults: 0         
===============================================================================
Snort received signal 2, exiting


-- 
Best regards,
 dawnshade                            mailto:h-k@mail.ru
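Calvin's suggestion is to confirm in tcpdump mode that the interface really delivers packets. The summary above shows the next question: 1476 packets were received on cp0 but every protocol counter stayed at 0, which is what a capture looks like when the frames are decoded under a link-layer type they were not framed with. The script below is an added example for this thread, not Snort's code and not part of the original message. It reads a classic pcap file (for instance one written with `tcpdump -w` on the interface), decodes each frame as Ethernet or PPP according to the file's link type, and prints a table in the shape of Snort's "Breakdown by protocol". It also lets you force the other decoder to see how a mismatch turns real traffic into nothing but OTHER. The sample captures are constructed in memory; the mismatch scenario is an assumption offered as one thing to check, not a diagnosis the thread itself reaches.

```python
"""Snort-style per-protocol breakdown of a pcap under a chosen link-layer decoder.

Added example for the freebsd-security thread; not Snort code. Sample captures
are constructed below so the script runs offline.
"""
import struct

# libpcap link-layer types (DLT_*) handled by this example
DLT_EN10MB = 1   # Ethernet
DLT_PPP = 9      # PPP, optionally with HDLC-like 0xff 0x03 address/control bytes

ETHERTYPE_IP, ETHERTYPE_ARP, ETHERTYPE_IPV6 = 0x0800, 0x0806, 0x86DD
PPP_IP, PPP_IPV6 = 0x0021, 0x0057   # PPP protocol numbers for IPv4 / IPv6


def ip_transport(packet):
    """Return TCP/UDP/ICMP/OTHER for an IPv4 packet, or None if it is not IPv4."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    return {6: "TCP", 17: "UDP", 1: "ICMP"}.get(packet[9], "OTHER")


def decode_frame(linktype, frame):
    """Classify one captured frame under the given link-layer decoder."""
    if linktype == DLT_EN10MB:
        if len(frame) < 14:
            return "DISCARD"
        ethertype = struct.unpack("!H", frame[12:14])[0]
        payload = frame[14:]
    elif linktype == DLT_PPP:
        if frame[:2] == b"\xff\x03":          # strip HDLC address/control
            frame = frame[2:]
        if len(frame) < 2:
            return "DISCARD"
        ppp_proto = struct.unpack("!H", frame[:2])[0]
        ethertype = {PPP_IP: ETHERTYPE_IP, PPP_IPV6: ETHERTYPE_IPV6}.get(ppp_proto)
        payload = frame[2:]
    else:
        return "OTHER"
    if ethertype == ETHERTYPE_IP:
        return ip_transport(payload) or "DISCARD"
    if ethertype == ETHERTYPE_ARP:
        return "ARP"
    if ethertype == ETHERTYPE_IPV6:
        return "IPv6"
    return "OTHER"


def read_pcap(data):
    """Yield (linktype, frame) for every record of a classic pcap byte string."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "HHiIII", data[4:24])[5]
    offset = 24
    while offset + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[offset:offset + 16])[2]
        offset += 16
        yield linktype, data[offset:offset + incl_len]
        offset += incl_len


def breakdown(pcap_bytes, linktype_override=None):
    """Count frames per protocol; linktype_override forces a decoder other than the file's own."""
    counts = {}
    for linktype, frame in read_pcap(pcap_bytes):
        if linktype_override is not None:
            linktype = linktype_override
        kind = decode_frame(linktype, frame)
        counts[kind] = counts.get(kind, 0) + 1
    return counts


def report(counts):
    """Render counts in the layout of Snort's 'Breakdown by protocol' block."""
    total = max(sum(counts.values()), 1)
    return "\n".join(f"{name:>8}: {counts.get(name, 0):<8} ({100.0 * counts.get(name, 0) / total:.3f}%)"
                     for name in ("TCP", "UDP", "ICMP", "ARP", "IPv6", "OTHER", "DISCARD"))


# --- constructed sample data (not captured traffic) ---
def ipv4_packet(proto):
    """Minimal 20-byte IPv4 header, no options, no payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))


def build_pcap(linktype, frames):
    """Wrap frames in a little-endian classic pcap container."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)


PPP_CAPTURE = build_pcap(DLT_PPP, [b"\xff\x03" + struct.pack("!H", PPP_IP) + ipv4_packet(p)
                                   for p in (6, 17, 1)])
_ETH_HDR = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
ETHER_CAPTURE = build_pcap(DLT_EN10MB,
                           [_ETH_HDR + struct.pack("!H", ETHERTYPE_IP) + ipv4_packet(p) for p in (6, 17, 1)]
                           + [_ETH_HDR + struct.pack("!H", ETHERTYPE_ARP) + bytes(28)])

if __name__ == "__main__":
    print("PPP capture decoded as PPP:\n" + report(breakdown(PPP_CAPTURE)))
    print("Ethernet capture decoded as Ethernet:\n" + report(breakdown(ETHER_CAPTURE)))
    print("Ethernet capture decoded as PPP (link-type mismatch):\n" + report(breakdown(ETHER_CAPTURE, DLT_PPP)))
```

The third table is the one to compare with the output in the message: when the decoder does not match the framing, every packet is still received and counted, but none of them lands in TCP, UDP or ICMP, so no rule ever fires. On a real capture from cp0, the link type recorded in the pcap header is what tcpdump chose for that interface; if it and the decoder Snort announces at startup differ, that is the first thing to reconcile.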

