Snort mailing list archives
RE: Snort 1.9.0beta5
From: "Gray . Brendan" <bgray2 () drc com>
Date: Fri, 16 Aug 2002 11:17:46 -0400
Incidentally, I'm trying 1.9.0beta5, and was still having the problem with my eth0 interface dropping out of promisc mode right after going into promisc mode. Only this time I saw an error message in my messages file complaining of an obsolete (PF_INET,SOCK_PACKET) so I upgraded my libpcap from 0.6 to 0.7 and now it works ok.

Aug 15 17:24:59 testbox kernel: snort uses obsolete (PF_INET,SOCK_PACKET)

Incidentally, Snortsnarf won't work on the alert file for snort-1.9. The format differs.

Brendan

-----Original Message-----
From: Chris Green [mailto:cmg () sourcefire com]
Sent: Wednesday, August 14, 2002 8:31 PM
To: snort-users; snort-devel; snort-announce
Subject: [Snort-users] Snort 1.9.0beta5

Changes:
* uri_count bug fixed ( caused wrong alert to be generated occasionally for http traffic )
* -R flag for pid file ids ( Phil Wood )
* preprocessor conversation: allowed_ip_protocols 1 6 17, alert_odd_protocols (cause snort to alert on ip protocols that you didn't allow)

Please test this out as much as you can. This is incredibly stable and lots of outstanding bugs have been hammered out recently ( bugs that even affect 1.8.7 )

Unix Users: I need packet statistics of larger networks so we can help create a local testing suite for different types of network environments so we can help make snort better. If you can please help us out by mailing me privately the following info:

1) ./configure --enable-perfmonitor
2) save the attached perftest.conf to the snort/etc directory
3) from the snort directory
   src/snort -c etc/perftest.conf -A none -N \
       -l /tmp 2>&1 | tee perfmonitor-30sec.txt

Email me perfmonitor-30sec.txt with a small description of your network:
- network link type ( 10/100/GigE ) (tap/monitor port/hub)
- network connection rate ( 1.5Mbit/45Mbit/155Mbit..)
- number of hosts
- average network speed

I won't send these out to anyone nor identify you aside from saying thanks to you :)

Thanks to everyone on snort-devel that has already sent me statistics.
The windows implementation is being thought about a bit more and should be included with the next beta.

now that you've read that... Here's the URLs so you can wget:

http://www.snort.org/dl/beta/snort-1.9.0beta5.tar.gz
http://www.snort.org/dl/beta/snort-1.9.0beta5.tar.gz.asc

--
Chris Green <cmg () sourcefire com>
Laugh and the world laughs with you, snore and you sleep alone.