Snort mailing list archives
Snort Host Attribute table
From: "Andy Berryman" <aberryman () Cymtec com>
Date: Tue, 23 Mar 2010 10:56:29 -0500
I have an attribute table that was created with the help of Hooger. <--great program btw

My question is, now that snort's loading the file, how do I know it's working? I see it loading it in my syslog, but not sure if there is anything I can check to make sure it's doing what it's supposed to be doing.

Also, what does the below output tell me? "fpBuildServicePortGroups"

Mar 23 15:42:26 (none) snort[4648]: Attribute Table Reload Thread Starting...
Mar 23 15:42:26 (none) snort[4648]: Attribute Table Reload Thread Started, thread 3067956416 (4648)
Mar 23 15:42:26 (none) snort[4648]: Checking PID path...
Mar 23 15:42:26 (none) snort[4648]: PID path stat checked out ok, PID path set to /var/run/
Mar 23 15:42:26 (none) snort[4648]: Writing PID "4648" to file "/var/run//snort_eth1.pid"
Mar 23 15:42:26 (none) snort[4648]: Decoding Ethernet on interface eth1
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=24 as service=x11
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=12 as service=netbios-ns
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=28 as service=ldap
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=74 as service=ident
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=91 as service=rtsp
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=13 as service=netbios-ssn
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=90 as service=ssl
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=7 as service=telnet
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=86 as service=sunrpc
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=10 as service=dcerpc
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=17 as service=finger
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=6 as service=ftp
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=57 as service=font-service
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=95 as service=ldp
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=11 as service=netbios-dgm
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=8 as service=smtp
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=21 as service=pop3
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=14 as service=nntp
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=92 as service=kerberos
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=22 as service=snmp
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=18 as service=imap
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=15 as service=dns
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=52 as service=mysql
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=5 as service=http
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=52 as service=mysql
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=10 as service=dcerpc
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=13 as service=netbios-ssn
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=91 as service=rtsp
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=18 as service=imap
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=8 as service=smtp
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=12 as service=netbios-ns
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=6 as service=ftp
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=15 as service=dns
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=24 as service=x11
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=7 as service=telnet
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=28 as service=ldap
Mar 23 15:42:35 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=22 as service=snmp
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=5 as service=http
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=74 as service=ident
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=86 as service=sunrpc
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=94 as service=ircd
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=90 as service=ssl
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=21 as service=pop3
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=14 as service=nntp
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=10 as service=dcerpc
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=23 as service=tftp
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=11 as service=netbios-dgm
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=12 as service=netbios-ns
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=15 as service=dns
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=92 as service=kerberos
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=22 as service=snmp
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=13 as service=netbios-ssn
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=96 as service=radius
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=86 as service=sunrpc
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=93 as service=ntp
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=10 as service=dcerpc
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=91 as service=rtsp
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=93 as service=ntp
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=11 as service=netbios-dgm
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=12 as service=netbios-ns
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=13 as service=netbios-ssn
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=22 as service=snmp
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=96 as service=radius
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=15 as service=dns
Mar 23 15:42:36 (none) snort[4648]: fpBuildServicePortGroups: adding protocol-ordinal=86 as service=sunrpc

Thanks,
Andy Berryman