Snort mailing list archives
Please verif Output of DPX (sample dynamic preprocessor tool kit)
From: Amtul Saboor <saboor.amtul () gmail com>
Date: Fri, 29 Nov 2013 10:26:53 -0800
Hello I recently installed the sample dynamic preprocessor tool kit and after following each step from the following official snort link: http://www.snort.org/snort-downloads/dynamic-preprocessor-starter-kit/ Please let me know if this is not the expetcted output. I need to verify if I am doing it correctly. because i dont think dpx.c is running the way it should. This is my output when i type ./test.sh : #/dpx-1.6# cd /usr/src/dp #/dp# ./test.sh ./setup.sh: line 1: /root/snort: is a directory Running in IDS mode --== Initializing Snort ==-- Initializing Output Plugins! Initializing Preprocessors! Initializing Plug-ins! Parsing Rules file "test/snort.conf" Tagged Packet Limit: 256 Loading all dynamic preprocessor libs from lib/snort_dynamicpreprocessor... Loading dynamic preprocessor library lib/snort_dynamicpreprocessor/libdpx.so... done Finished Loading all dynamic preprocessor libs from lib/snort_dynamicpreprocessor Log directory = /var/log/snort +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... 4 Snort rules read 4 detection rules 0 decoder rules 0 preprocessor rules 2 Option Chains linked into 2 Chain Headers 0 Dynamic rules +++++++++++++++++++++++++++++++++++++++++++++++++++ +-------------------[Rule Port Counts]--------------------------------------- | tcp udp icmp ip | src 0 0 0 0 | dst 0 0 0 0 | any 4 0 0 0 | nc 4 0 0 0 | s+d 0 0 0 0 +---------------------------------------------------------------------------- +-----------------------[detection-filter-config]------------------------------ | memory-cap : 1048576 bytes +-----------------------[detection-filter-rules]------------------------------- | none ------------------------------------------------------------------------------- +-----------------------[rate-filter-config]----------------------------------- | memory-cap : 1048576 bytes +-----------------------[rate-filter-rules]------------------------------------ | none ------------------------------------------------------------------------------- +-----------------------[event-filter-config]---------------------------------- | memory-cap : 1048576 bytes +-----------------------[event-filter-global]---------------------------------- +-----------------------[event-filter-local]----------------------------------- | none +-----------------------[suppression]------------------------------------------ | none ------------------------------------------------------------------------------- Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log Verifying Preprocessor Configurations! [ Port Based Pattern Matching Memory ] pcap DAQ configured to read-file. The DAQ version does not support reload. Acquiring network traffic from "test/test.pcap". Reload thread starting... Reload thread started, thread 0xb6997b70 (1754) --== Initialization Complete ==-- ,,_ -*> Snort! <*- o" )~ Version 2.9.5.5 GRE (Build 205) '''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team Copyright (C) 1998-2013 Sourcefire, Inc., et al. Using libpcap version 1.0.0 Using PCRE version: 7.8 2008-09-05 Using ZLIB version: 1.2.3.3 Preprocessor Object: dpx Version 1.6 <Build 1> Commencing packet processing (pid=1753) 3 256 2 0 4 256 2 0 5 256 1 0 =============================================================================== Run time for packet processing was 0.994 seconds Snort processed 6 packets. Snort ran for 0 days 0 hours 0 minutes 0 seconds Pkts/sec: 6 =============================================================================== Packet I/O Totals: Received: 6 Analyzed: 6 (100.000%) Dropped: 0 ( 0.000%) Filtered: 0 ( 0.000%) Outstanding: 0 ( 0.000%) Injected: 0 =============================================================================== Breakdown by protocol (includes rebuilt packets): Eth: 6 (100.000%) VLAN: 0 ( 0.000%) IP4: 6 (100.000%) Frag: 0 ( 0.000%) ICMP: 0 ( 0.000%) UDP: 0 ( 0.000%) TCP: 6 (100.000%) IP6: 0 ( 0.000%) IP6 Ext: 0 ( 0.000%) IP6 Opts: 0 ( 0.000%) Frag6: 0 ( 0.000%) ICMP6: 0 ( 0.000%) UDP6: 0 ( 0.000%) TCP6: 0 ( 0.000%) Teredo: 0 ( 0.000%) ICMP-IP: 0 ( 0.000%) IP4/IP4: 0 ( 0.000%) IP4/IP6: 0 ( 0.000%) IP6/IP4: 0 ( 0.000%) IP6/IP6: 0 ( 0.000%) GRE: 0 ( 0.000%) GRE Eth: 0 ( 0.000%) GRE VLAN: 0 ( 0.000%) GRE IP4: 0 ( 0.000%) GRE IP6: 0 ( 0.000%) GRE IP6 Ext: 0 ( 0.000%) GRE PPTP: 0 ( 0.000%) GRE ARP: 0 ( 0.000%) GRE IPX: 0 ( 0.000%) GRE Loop: 0 ( 0.000%) MPLS: 0 ( 0.000%) ARP: 0 ( 0.000%) IPX: 0 ( 0.000%) Eth Loop: 0 ( 0.000%) Eth Disc: 0 ( 0.000%) IP4 Disc: 0 ( 0.000%) IP6 Disc: 0 ( 0.000%) TCP Disc: 0 ( 0.000%) UDP Disc: 0 ( 0.000%) ICMP Disc: 0 ( 0.000%) All Discard: 0 ( 0.000%) Other: 0 ( 0.000%) Bad Chk Sum: 0 ( 0.000%) Bad TTL: 0 ( 0.000%) S5 G 1: 0 ( 0.000%) S5 G 2: 0 ( 0.000%) Total: 6 =============================================================================== Action Stats: Alerts: 3 ( 50.000%) Logged: 3 ( 50.000%) Passed: 0 ( 0.000%) Limits: Match: 0 Queue: 0 Log: 0 Event: 0 Alert: 0 Verdicts: Allow: 6 (100.000%) Block: 0 ( 0.000%) Replace: 0 ( 0.000%) Whitelist: 0 ( 0.000%) Blacklist: 0 ( 0.000%) Ignore: 0 ( 0.000%) ============================= Snort exiting Regards -- *Amtul Saboor* *MS (Information Security)* *Military College of Signals, National University of Science & Technology, Rawalpindi* *Pakistan*
------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Please verif Output of DPX (sample dynamic preprocessor tool kit) Amtul Saboor (Nov 29)
- Re: Please verif Output of DPX (sample dynamic preprocessor tool kit) Russ Combs (Dec 02)