Snort mailing list archives

Re: snort woes (update)

From: Jim Starke <jstarke () ptd net>
Date: Sat, 11 Aug 2001 20:29:59 -0400

It appears that I have snort logging to mysql now but it appears to beonly logging icmp packets. It is not logging tcp or udp traffic.


When I exit snort I can see that it sees the tcp and udp packets.

Even with the following rule in place, it is not logging tcp traffic. :-(

alert tcp any any -> any any (msg:"TCP traffic";)

Has anyone ran into this problem before?

===============================================================================
Snort analyzed 4416 out of 4416 packets, dropping 0(0.000%) packets

Breakdown by protocol:                Action Stats:
    TCP: 712        (16.123%)         ALERTS: 0
    UDP: 2485       (56.273%)         LOGGED: 0
   ICMP: 0          (0.000%)          PASSED: 0
    ARP: 1219       (27.604%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 0          (0.000%)
DISCARD: 0          (0.000%)
===============================================================================
Fragmentation Stats:
Fragmented IP Packets: 0          (0.000%)
    Fragment Trackers: 0
   Rebuilt IP Packets: 0
   Frag elements used: 0
Discarded(incomplete): 0
   Discarded(timeout): 0
  Frag2 memory faults: 0
===============================================================================
TCP Stream Reassembly Stats:
        TCP Packets Used: 712        (16.123%)
         Stream Trackers: 57
          Stream flushes: 0
           Segments used: 0
   Stream4 Memory Faults: 0
===============================================================================
Snort received signal 2, exiting

Anyone know of a good brand of wax for a bald head? I think I've pulledall of my hair out now. lol!


--
Quidquid latine dictum sit, altum viditur.
http://www.jcsmall.com/homepage


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

snort woes Jim Starke (Aug 10)
- Re: snort woes Phil Wood (Aug 10)
  - Re: snort woes Jim Starke (Aug 11)
    - Re: snort woes J. C. Woods (Aug 11)
    - Re: snort woes Jed Pickel (Aug 11)
    - Re: snort woes Jim Starke (Aug 11)
- Re: snort woes (update) Jim Starke (Aug 11)
  - RE: snort woes (update) John Berkers (Aug 11)
    - Re: snort woes (update) Jim Starke (Aug 11)
  - RE: snort woes (update) John Berkers (Aug 11)