Snort mailing list archives
Re: rules file doesn't work properly, no DoS or portscan detected...
From: "Michael Steele" <michaels () winsnort com>
Date: Sun, 26 May 2013 14:43:25 -0400
No need to specify an interface, but Snort will always use the first interface. Use the -W switch to see the list, and order of interfaces.

Best regards,
Michael...

WINSNORT.com Management Team Member
--
****************** Established ~ 2001 *******************
* Visit Us @ http://www.winsnort.com                    *
* ~~ FREE WinIDS Snort installation guides ~~           *
* ~~ FREE support forums ~~                             *
* Snort: Open Source Network IDS - http://www.snort.org *
*********************************************************

-----Original Message-----
From: Joel Esler [mailto:jesler () sourcefire com]
Sent: Saturday, May 25, 2013 8:16 PM
To: waldo kitty
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] rules file doesn't work properly, no DoS or portscan detected...

You'll want to specify an interface, especially in Windows.

Sent from my iPad

On May 25, 2013, at 5:01 PM, waldo kitty <wkitty42 () windstream net> wrote:

> On 5/25/2013 16:30, Gijs van der Velden wrote:
>> There is only one interface on the system so I left it as not set, but when I set it the same thing happens.
>
> i've always been under the impression that one should always supply "-i interface"...
>
>> I don't get it since snort is actually capturing packets as well, but maybe it's only capturing outgoing packets?
>
> weird... what interface does it say it is using? you should be able to find that in the log...
>
>>> Date: Sat, 25 May 2013 10:00:58 -0400
>>> From: wkitty42 () windstream net
>>> To: snort-users () lists sourceforge net
>>> Subject: Re: [Snort-users] rules file doesn't work properly, no DoS or portscan detected...
>>>
>>> On 5/25/2013 08:42, Gijs van der Velden wrote:
>>>> I just started snort with:
>>>> snort -c D:\Snort\etc\snort.conf -l D:\Snort\log -T --daq pcap
>>>> And it came up with the error active response: can't open ip! Maybe this is the cause of the problem?
>>>
>>> what interface are you trying to have snort watch?
>
> --
> NOTE: No off-list assistance is given without prior approval. Please keep mailing list traffic on the list unless private contact is specifically requested and granted.

------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: rules file doesn't work properly, no DoS or portscan detected..., (continued)
- Message not available
- Re: rules file doesn't work properly, no DoS or portscan detected... Gijs van der Velden (May 24)
- Re: rules file doesn't work properly, no DoS or portscan detected... Gijs van der Velden (May 25)
- Re: rules file doesn't work properly, no DoS or portscan detected... waldo kitty (May 25)
- Re: rules file doesn't work properly, no DoS or portscan detected... Gijs van der Velden (May 25)
- Re: rules file doesn't work properly, no DoS or portscan detected... waldo kitty (May 25)
- Re: rules file doesn't work properly, no DoS or portscan detected... Joel Esler (May 25)
- Re: rules file doesn't work properly, no DoS or portscan detected... Gijs van der Velden (May 26)
- Re: rules file doesn't work properly, no DoS or portscan detected... waldo kitty (May 26)
- Re: rules file doesn't work properly, no DoS or portscan detected... Gijs van der Velden (May 26)
- Re: rules file doesn't work properly, no DoS or portscan detected... Michael Steele (May 26)
- Re: rules file doesn't work properly, no DoS or portscan detected... Michael Steele (May 26)
- Re: rules file doesn't work properly, no DoS or portscan detected... Michael Steele (May 26)
- Re: rules file doesn't work properly, no DoS or portscan detected... Gijs van der Velden (Jun 19)