Snort mailing list archives

RE: HELP!!! HELP!!! HELP!!!


From: "Michael Steele" <michaels () winsnort com>
Date: Fri, 12 Nov 2004 19:05:56 -0800

He's having a pcap problem. Go get the docs and start over with a new
install; who knows what you may have done.

Kindest regards, 
Michael...

WINSNORT.com Management Team Member
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org



-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Matthew K. Lee
Sent: Friday, November 12, 2004 6:42 AM
To: Jeremiah J Batac
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] HELP!!! HELP!!! HELP!!!

Jeremiah,

I think you may be missing your Unicode.map file.  Try to place that
file where it needs to be.  If that doesn't work, you might try to
comment out the http_inspect lines to see if you have a configuration
problem there.  If that still doesn't work, you may want to post your
snort.conf file to the list.

Thanks,

Matt

-----Original Message-----
From: Jeremiah J Batac [mailto:jjbatac () yahoo com]
Sent: Friday, November 12, 2004 6:28 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] HELP!!! HELP!!! HELP!!!

Hello Snort users, I'm a newbie in the IDS field. I'm
trying my best to make this Snort thing work in
Windows XP. I'm so frustrated because after downloading
tons of documents to help me set it up, I tried all
their steps and guess what, it's partially working...
Can somebody be kind enough to walk me through making it
work? The software I currently have to install Snort
is the following...

acid
adodb
dbtools
libnet-1.0.2f
packetbuild-1.4
php-4.3.9-win32
phplot-4.4.6
application_service
mysqlsetup
snort-2_1_0
winpcap_3_0


I already tried to install and follow the steps 5 times
and unfortunately I just get up to this point


C:\Snort>snort
Running in IDS mode with inferred config file: ./snort.conf
Log directory = log

Initializing Network Interface \Device\NPF_{3A842A08-FAFC-4986-A869-4AB8B6C9DD67}

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface \Device\NPF_{3A842A08-FAFC-4986-A869-4AB8B6C9DD67}
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file ./snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
,-----------[Flow Config]----------------------
| Stats Interval:  0
| Hash Method:     2
| Memcap:          10485760
| Rows  :          4099
| Overhead Bytes:  16400(%0.16)
`----------------------------------------------
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl:   0
    Fragment ttl_limit: 5
    Fragment Problems: 0
    Self preservation threshold: 500
    Self preservation period: 90
    Suspend threshold: 1000
    Suspend period: 30
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: INACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
    State Protection: 0
    Self preservation threshold: 50
    Self preservation period: 90
    Suspend threshold: 200
    Suspend period: 30
Stream4_reassemble config:
    Server reassembly: INACTIVE
    Client reassembly: ACTIVE
    Reassembler alerts: ACTIVE
    Zero out flushed packets: INACTIVE
    flush_data_diff_size: 500
    Ports: 21 23 25 53 80 110 111 143 513 1433
    Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
ERROR: ./snort.conf(287) => Invalid file name for IIS Unicode Map file.
Fatal Error, Quitting..

C:\Snort>

Hope this will help. Like you, I would like to be a
pioneer on this open source IDS. Help is much
appreciated. Thank you very much.









-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
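
Added example, not part of the thread or of the Snort distribution: a preflight check for the "Invalid file name for IIS Unicode Map file" failure above, which lists every `iis_unicode_map` reference on the `http_inspect` preprocessor lines of a snort.conf and reports whether the named file can be found. The function names and the sample config are constructed for illustration, and because the thread does not say how Snort 2.1.0 resolves a relative map path, the directories to search are passed in by the caller.

```python
import re
import tempfile
from pathlib import Path
MAP_RE = re.compile(r"\biis_unicode_map\s+(\S+)(?:\s+(\d+))?")

SAMPLE = "\n".join([  # constructed sample config, not the poster's snort.conf
    "# constructed sample",
    "preprocessor stream4_reassemble",
    "preprocessor http_inspect: global \\",
    "    iis_unicode_map unicode.map 1252",
])

def logical_lines(text):
    """Yield (first_line_no, text); drop comments, join '\\' continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if start is None:
            if not line or line.startswith("#"):
                continue
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None

def check_unicode_maps(conf_path, search_dirs):
    """Report each iis_unicode_map reference on http_inspect lines and where it resolves."""
    findings = []
    for no, line in logical_lines(Path(conf_path).read_text(encoding="latin-1")):
        if not line.startswith("preprocessor") or "http_inspect" not in line:
            continue
        for m in MAP_RE.finditer(line):
            name = Path(m.group(1))
            cands = [name] if name.is_absolute() else [Path(d) / name for d in search_dirs]
            found = next((str(c) for c in cands if c.is_file()), None)
            findings.append({"line": no, "file": str(name), "codepage": m.group(2), "found": found})
    return findings

def demo():  # check the sample before and after unicode.map exists beside it
    with tempfile.TemporaryDirectory() as d:
        conf = Path(d, "snort.conf")
        conf.write_text(SAMPLE)
        before = check_unicode_maps(conf, [d])
        Path(d, "unicode.map").touch()
        after = check_unicode_maps(conf, [d])
    return before, after

if __name__ == "__main__":
    print(demo())
```

A finding with `found` set to `None` points at the directive to fix or comment out; the reported line number is where the directive starts, which may differ from the number Snort prints when the directive spans continuation lines.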

