RE: New to snort

["Michael Steele" <michaels () silicondefense com>]

Jeff,

I pointed Robert to the real answer. If by sending Robert to our site
was misleading, that was not my intention.

By sending Robert to our site it gave him all the tools he needed to
install a working and fictional IDS center for his Windows box, and the
ability to read those confusing alerts.

Robert is new to snort and the answer you gave him to his question, most
likely confused him with parts of your answer.  Remember he is NEW to
Snort.

All the documentation for Snort was included in the original
distribution. I'm almost positive Robert would have read that prior to
asking for help, but maybe not. I'm giving Robert the shadow of a doubt
and I think he did read it all.

Robert is now here for support. With everything I read out of Roberts
request I felt it imperative to send Robert to our site for a complete
walk through for his question. I answer dozens of these types of
questions each week, so I'm pretty intuitive when it comes to reading
these types of requests.

> > Since I'm guessing Robert is looking for a real answer to this
question
> > rather than an advertisement from Silicon Defense, this might help:

While we monitor several of these lists, we do want to make sure people
know that they do have a place to get commercial support for Snort when
they need it.

Silicon Defense is not here only to offer our superior commercial Snort
support, or our high quality "Sentrus" IDS at the best price available
on the market today, which is a perfect blend of the #1 most installed
IDS in the world, Snort, with a world leader in the network server
market, Sun, but we are here to genuinely help people, and I think we
have proven that.

- Mike
 
 Commercial Snort Support <<->> 1.866.41.SNORT
  Silicon Defense -- www.silicondefense.com
     Home of the new SENTRUS Snort sensor!
   Michael Steele - Snort Support Technician

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jeff
Nathan
Sent: Saturday, March 02, 2002 8:14 PM
To: raa () lehighton org
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] New to snort

Since I'm guessing Robert is looking for a real answer to this question
rather than an advertisement from Silicon Defense, this might help:

The files you're asking about are in pcap format.  They can be read back
in using the -r switch with snort by typing: snort -r
snort-0215 () 2045 log | more
(if you omit the piping of the output to more, all the information in
the log file will scroll by on your display)

Additionally, you can read these files with windump:
http://netgroup-serv.polito.it/windump/

or Ethereal for windows: http://www.ethereal.com/distribution/win32

If you are new to looking at packets, Ethereal might be the best tool as
it's graphical and quite descriptive.

And, as a new user to snort you might enjoy reading the snort user's
manual: http://www.snort.org/docs/writing_rules/ (there should have been
a pdf version in your snort distribution) and the snort FAQ:
http://www.snort.org/docs/faq.html

Thanks for using snort.

-Jeff

Michael Steele wrote:
> - Mike
>
> Commercial Snort Support <<->> 1.866.41.SNORT
>  Silicon Defense -- <www.silicondefense.com>
>     Home of the new SENTRUS Snort sensor!
>   Michael Steele - Snort Support Technician
>
> -----Original Message-----
> From: Michael Steele [mailto:michaels () silicondefense com]
> Sent: Saturday, March 02, 2002 12:58 PM
> To: 'raa () lehighton org'
> Subject: RE: [Snort-users] New to snort
>
> Rob,
>
> Go to www.silicondefense.com and you will get everything you need.
>
> - Mike
>
> Commercial Snort Support <<->> 1.866.41.SNORT
>  Silicon Defense -- <www.silicondefense.com>
>     Home of the new SENTRUS Snort sensor!
>   Michael Steele - Snort Support Technician
>
> -----Original Message-----
> From: snort-users-admin () lists sourceforge net
> [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Robert
> Ayers
> Sent: Friday, March 01, 2002 8:21 AM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] New to snort
>
> First let me start off by saying that I just started using SNORT. I'm
> using the latest release of Snort for Windows, version 1.83. I am
> getting what appear to be log files that I can't read. I am having a
> hard time finding a program that will read them. Can anyone tell me
what
> switches that I should be using to eliminate this type of log file?
The
> files are named like this; snort-0215 () 2045 log. Can someone point me
in
> the right direction of the program that I could use to interpret them?
>
> TIA
>
> Rob
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
http://jeff.wwti.com            (pgp key available)
"Common sense is the collection of prejudices acquired by age eighteen."
- Albert Einstein

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users