Snort mailing list archives
Re: (no subject)
From: Charles Pigeon <doom.rainer () gmail com>
Date: Sat, 23 Jun 2012 11:49:40 -0400
If you are using Windows 7 you need to run the command prompt as an administrator. By default, capturing the packets requires elevated permissions. Also, it looks like your real network interface is on i4 from your previous emails.

A good quick test would be running Wireshark as an administrator and selecting the physical network card. Make sure it sees packets?

Thanks,
Charles

On Jun 23, 2012 1:56 AM, "Deepika p" <dgpks1 () gmail com> wrote:
Hi,

c:\winids\snort\bin\snort -v -i2
Running in packet dump mode

        --== Initializing Snort ==--
Initializing Output Plugins!
pcap DAQ configured to passive.
The DAQ version does not support reload.
Acquiring network traffic from "\Device\NPF_{D33FABD2-08A8-4FEE-86DB-5935FE26E333}".
Decoding Ethernet

        --== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.2.3-ODBC-MySQL-WIN32 IPv6 GRE (Build 205)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2012 Sourcefire, Inc., et al.
           Using PCRE version: 8.10 2010-06-25
           Using ZLIB version: 1.2.3

Commencing packet processing (pid=4104)
*** Caught Int-Signal
===============================================================================
Run time for packet processing was 7853.195000 seconds
Snort processed 0 packets.
Snort ran for 0 days 2 hours 10 minutes 53 seconds
   Pkts/hr:            0
  Pkts/min:            0
  Pkts/sec:            0
===============================================================================
Packet I/O Totals:
   Received:            0
   Analyzed:            0 (  0.000%)
    Dropped:            0 (  0.000%)
   Filtered:            0 (  0.000%)
Outstanding:            0 (  0.000%)
   Injected:            0
===============================================================================
Breakdown by protocol (includes rebuilt packets):
        Eth:            0 (  0.000%)
       VLAN:            0 (  0.000%)
        IP4:            0 (  0.000%)
       Frag:            0 (  0.000%)
       ICMP:            0 (  0.000%)
        UDP:            0 (  0.000%)
        TCP:            0 (  0.000%)
        IP6:            0 (  0.000%)
    IP6 Ext:            0 (  0.000%)
   IP6 Opts:            0 (  0.000%)
      Frag6:            0 (  0.000%)
      ICMP6:            0 (  0.000%)
       UDP6:            0 (  0.000%)
       TCP6:            0 (  0.000%)
     Teredo:            0 (  0.000%)
    ICMP-IP:            0 (  0.000%)
      EAPOL:            0 (  0.000%)
    IP4/IP4:            0 (  0.000%)
    IP4/IP6:            0 (  0.000%)
    IP6/IP4:            0 (  0.000%)
    IP6/IP6:            0 (  0.000%)
        GRE:            0 (  0.000%)
    GRE Eth:            0 (  0.000%)
   GRE VLAN:            0 (  0.000%)
    GRE IP4:            0 (  0.000%)
    GRE IP6:            0 (  0.000%)
GRE IP6 Ext:            0 (  0.000%)
   GRE PPTP:            0 (  0.000%)
    GRE ARP:            0 (  0.000%)
    GRE IPX:            0 (  0.000%)
   GRE Loop:            0 (  0.000%)
       MPLS:            0 (  0.000%)
        ARP:            0 (  0.000%)
        IPX:            0 (  0.000%)
   Eth Loop:            0 (  0.000%)
   Eth Disc:            0 (  0.000%)
   IP4 Disc:            0 (  0.000%)
   IP6 Disc:            0 (  0.000%)
   TCP Disc:            0 (  0.000%)
   UDP Disc:            0 (  0.000%)
  ICMP Disc:            0 (  0.000%)
All Discard:            0 (  0.000%)
      Other:            0 (  0.000%)
Bad Chk Sum:            0 (  0.000%)
    Bad TTL:            0 (  0.000%)
     S5 G 1:            0 (  0.000%)
     S5 G 2:            0 (  0.000%)
      Total:            0
===============================================================================
Snort exiting

This is the output with every interface I used, i.e. 1, 2, 3 and 4. For every interface I have run Snort for 1 hour. At the same time I accessed the Internet, many websites. What is the actual problem that is making Snort not show the traffic?

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats.
http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
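The checks suggested in the reply above, as an added PowerShell example that is not part of the original thread: it confirms the prompt is elevated, lists the adapters with snort -W, then runs a short capture on each interface index and reports which one actually receives packets. The snort.exe file name, the 1-4 index range, the packet count and the timeout are assumptions.

```powershell
# Added example, not from the thread. Assumptions: snort.exe sits in the
# directory quoted in the post, and indices 1-4 are the ones it tried.
$Snort      = 'c:\winids\snort\bin\snort.exe'
$Interfaces = 1..4
$Packets    = 5        # -n: Snort exits after this many packets
$TimeoutMs  = 20000    # how long to wait on a silent interface

# Capturing needs an elevated prompt; stop early if this one is not.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    Write-Error 'Not elevated: reopen the prompt with "Run as administrator".'
    exit 1
}

# Print the index-to-adapter table so a result can be matched to a NIC.
& $Snort -W

foreach ($i in $Interfaces) {
    $out = Join-Path $env:TEMP "snort-probe-$i.out"
    $err = Join-Path $env:TEMP "snort-probe-$i.err"
    $proc = Start-Process -FilePath $Snort `
        -ArgumentList '-v', "-i$i", '-n', "$Packets" `
        -NoNewWindow -PassThru `
        -RedirectStandardOutput $out -RedirectStandardError $err

    if (-not $proc.WaitForExit($TimeoutMs)) {
        # Still waiting for packets: wrong adapter or capture is blocked.
        Stop-Process -Id $proc.Id -Force
        Write-Output "interface ${i}: no packets within $($TimeoutMs / 1000) s"
        continue
    }

    # Snort exited by itself; read "Received:" from its Packet I/O Totals.
    $hit = Select-String -Path $out, $err -Pattern 'Received:\s+(\d+)' |
        Select-Object -First 1
    if ($hit -and [int]$hit.Matches[0].Groups[1].Value -gt 0) {
        Write-Output "interface ${i}: received $($hit.Matches[0].Groups[1].Value) packets"
    } else {
        # Exited without counting packets, e.g. the index does not exist.
        Write-Output "interface ${i}: Snort exited without capturing, see $err"
    }
}
```

Generate some traffic (for example by loading a web page) while the script runs, so the active adapter has packets to report.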