Snort mailing list archives
Re: HELP!!! HELP!!! HELP!!!
From: Theodore Stout <theodorestout () yahoo com>
Date: Fri, 12 Nov 2004 08:13:16 -0800 (PST)
Yo hommmie,

The Pig likes Fedora Core 2 or OpenBSD. Do not install on XP. Repeat, do not install on anything related to Microsoft. Of course you are frustrated. If I did it on XP, I would just about go crazy too. Get a good Snort book or use Patrick Harper's materials and just install it as he says. It took me about 2 weeks to get it right the first time but now I can install it in about 2 hours.

Theo

--- Jeremiah J Batac <jjbatac () yahoo com> wrote:

hello snort users,,,

I'm a newbie in the IDS field. I'm trying my best to make this snort thing work in Windows XP. I'm so frustrated coz after downloading tons of documents to help me set it up, I tried all their steps and guess what, it's partially working... Can somebody be kind enough to walk me through to make it work?

The current software to install snort that I have right now is the following...

acid
adodb
dbtools
libnet-1.0.2f
packetbuild-1.4
php-4.3.9-win32
phplot-4.4.6
application_service
mysqlsetup
snort-2_1_0
winpcap_3_0

I already tried to install and follow the steps 5 times and unfortunately I just get up to this point:

C:\Snort>snort
Running in IDS mode with inferred config file: ./snort.conf
Log directory = log

Initializing Network Interface \Device\NPF_{3A842A08-FAFC-4986-A869-4AB8B6C9DD67 }

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface \Device\NPF_{3A842A08-FAFC-4986-A869-4AB8B6C9DD67 }
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file ./snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
,-----------[Flow Config]----------------------
| Stats Interval: 0
| Hash Method: 2
| Memcap: 10485760
| Rows : 4099
| Overhead Bytes: 16400(%0.16)
`----------------------------------------------
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl: 0
    Fragment ttl_limit: 5
    Fragment Problems: 0
    Self preservation threshold: 500
    Self preservation period: 90
    Suspend threshold: 1000
    Suspend period: 30
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: INACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
    State Protection: 0
    Self preservation threshold: 50
    Self preservation period: 90
    Suspend threshold: 200
    Suspend period: 30
Stream4_reassemble config:
    Server reassembly: INACTIVE
    Client reassembly: ACTIVE
    Reassembler alerts: ACTIVE
    Zero out flushed packets: INACTIVE
    flush_data_diff_size: 500
    Ports: 21 23 25 53 80 110 111 143 513 1433
    Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
ERROR: ./snort.conf(287) => Invalid file name for IIS Unicode Map file.
Fatal Error, Quitting..

C:\Snort>

Hope this will help. Like you, I would like to be a pioneer on this OpenSource IDS. Help is much appreciated. Thank you very much.

__________________________________
Do you Yahoo!?
Check out the new Yahoo! Front Page.
www.yahoo.com
-------------------------------------------------------
This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- HELP!!! HELP!!! HELP!!! Jeremiah J Batac (Nov 12)
- RE: HELP!!! HELP!!! HELP!!! Jim Hendrick (Nov 12)
- RE: HELP!!! HELP!!! HELP!!! Michael Steele (Nov 12)
- Re: HELP!!! HELP!!! HELP!!! Theodore Stout (Nov 12)
- <Possible follow-ups>
- Re: RE: HELP!!! HELP!!! HELP!!! jrhendri (Nov 12)
- RE: HELP!!! HELP!!! HELP!!! Matthew K. Lee (Nov 12)
- RE: HELP!!! HELP!!! HELP!!! Michael Steele (Nov 12)
- FW: HELP!!! HELP!!! HELP!!! Matthew K. Lee (Nov 12)
- RE: HELP!!! HELP!!! HELP!!! SN ORT (Nov 12)
- Re: HELP!!! HELP!!! HELP!!! M. Shirk (Nov 12)
- RE: HELP!!! HELP!!! HELP!!! Harper, Patrick (Nov 12)
- RE: HELP!!! HELP!!! HELP!!! Jim Hendrick (Nov 12)