Snort mailing list archives
Re: IPS Inline Mode
From: Erdem Çulcu <erdem () boryazilim com>
Date: Fri, 20 Jun 2014 13:54:20 +0300
I run with your command. I told you in previous messages. Snort doesn't capture any packets with this command, and the result:

Run time for packet processing was 22.16156 seconds
Snort processed 0 packets.
Snort ran for 0 days 0 hours 0 minutes 22 seconds
Pkts/sec: 0

On Fri, Jun 20, 2014 at 1:50 PM, Meysam Farazmand <farazmand.meisam () gmail com> wrote:

> Hi Erdem,
> Maybe it would be better to install snort and dependencies from source. But no matter. Run snort with this command:
>
> snort -v -c /etc/snort/snort.conf -Q --daq nfq --daq-var device=eth0
>
> I put my snort config file in /etc/snort. So if you put it in another location, change it in the above command. Also note to enable nfq daq in snort config file.
>
> On Jun 20, 2014 3:12 PM, "Erdem Çulcu" <erdem () boryazilim com> wrote:
>
>> Hi Meysam,
>> I installed these libs and libdnet-1.12.
>> [image: Inline image 1]
>> And I run --daq-list command:
>>
>> Available DAQ modules:
>> pcap(v3): readback live multi unpriv
>> nfq(v7): live inline multi
>> ipfw(v3): live inline multi unpriv
>> dump(v2): readback live inline multi unpriv
>> afpacket(v5): live inline multi unpriv
>>
>> Snort gives this response.
>>
>> On Fri, Jun 20, 2014 at 12:32 PM, Meysam Farazmand <farazmand.meisam () gmail com> wrote:
>>
>>> Hi Erdem,
>>> Did you install nfq library from netfilter.org?
>>>
>>> On Jun 20, 2014 1:55 PM, "Erdem Çulcu" <erdem () boryazilim com> wrote:
>>>
>>>> Hi, I am new on Snort. I installed with guide and run IDS mode. I have two problems.
>>>>
>>>> Firstly, Snort handles only host machine packets. I write some rules, example:
>>>>
>>>> alert tcp any any -> any any (content:"www.facebook.com";msg:"Facebook Accessing";sid:1000001;)
>>>>
>>>> This rule works only on the machine on which Snort is installed. Other machines' accesses are not handled.
>>>>
>>>> Other problem is Inline Mode. I run with this command:
>>>>
>>>> snort --daq nfq -Q -c /etc/snort/snort.conf --daq-dir /usr/local/lib/daq --daq-var device=eth0 -i eth0
>>>>
>>>> Snort gives this error:
>>>>
>>>> ERROR: Can't initialize DAQ nfq (-7) - The nfq DAQ module does not support interface or readback mode!
>>>>
>>>> If I remove "-i eth0", Snort works but does not handle any packets.
>>>>
>>>> Thanks for replies
>>>> Good Works
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
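The two failures in this thread (the nfq DAQ refusing `-i eth0` with error -7, and a clean run that then processes 0 packets) are both invocation and plumbing problems rather than rule problems. The following Python script is an added example, not code from the Snort project or from anyone in the thread: it parses the `--daq-list` output Erdem posted, checks a proposed Snort 2.x command line against it (the module must be listed, `-Q` needs a module that advertises `inline`, and nfq takes its device from `--daq-var device=` and rejects `-i`, as the thread's error shows), and explains a zero-packet nfq run. The sample texts are copied from the thread; the helper names, the `DAQVAR_DEVICE_MODULES` table (ipfw is included there by assumption) and the hint wording are mine.

```python
"""Sanity-check a Snort 2.x inline invocation against `snort --daq-list` output.

Added example (hypothetical helpers); not Snort's own code.
"""
import re
import shlex

# Constructed sample: the --daq-list output posted in the thread.
SAMPLE_DAQ_LIST = """Available DAQ modules:
pcap(v3): readback live multi unpriv
nfq(v7): live inline multi
ipfw(v3): live inline multi unpriv
dump(v2): readback live inline multi unpriv
afpacket(v5): live inline multi unpriv
"""

# Constructed sample: the run summary posted after the nfq run.
SAMPLE_RUN_STATS = """Run time for packet processing was 22.16156 seconds
Snort processed 0 packets.
Snort ran for 0 days 0 hours 0 minutes 22 seconds
Pkts/sec: 0
"""

_MODULE_RE = re.compile(r"^(\w+)\(v(\d+)\):\s*(.*)$")
_PROCESSED_RE = re.compile(r"Snort processed (\d+) packets")

# Modules that get their capture point from --daq-var device=... and refuse -i.
# nfq is what the thread's "-7" error shows; listing ipfw too is an assumption.
DAQVAR_DEVICE_MODULES = {"nfq", "ipfw"}


def parse_daq_list(text):
    """Return {module: {"version": int, "modes": set}} from --daq-list output."""
    modules = {}
    for line in text.splitlines():
        m = _MODULE_RE.match(line.strip())
        if m:
            modules[m.group(1)] = {"version": int(m.group(2)),
                                   "modes": set(m.group(3).split())}
    return modules


def _opt_value(args, name):
    """Value following a flag, or None; accepts '--daq nfq' and '--daq=nfq'."""
    for i, a in enumerate(args):
        if a == name and i + 1 < len(args):
            return args[i + 1]
        if a.startswith(name + "="):
            return a.split("=", 1)[1]
    return None


def _daq_vars(args):
    """All --daq-var key=value pairs as a dict."""
    out = {}
    for i, a in enumerate(args):
        if a == "--daq-var" and i + 1 < len(args) and "=" in args[i + 1]:
            k, v = args[i + 1].split("=", 1)
            out[k] = v
    return out


def check_invocation(cmdline, daq_list_text):
    """Return a list of problems with a snort command line; [] means it looks sane."""
    args = shlex.split(cmdline)
    modules = parse_daq_list(daq_list_text)
    problems = []
    daq = _opt_value(args, "--daq") or "pcap"  # Snort defaults to the pcap DAQ
    if daq not in modules:
        problems.append(f"DAQ module '{daq}' is not in --daq-list output")
        return problems
    modes = modules[daq]["modes"]
    if "-Q" in args and "inline" not in modes:
        problems.append(f"-Q requested but '{daq}' does not list inline mode")
    if daq in DAQVAR_DEVICE_MODULES:
        if "-i" in args:
            problems.append(f"'{daq}' rejects -i; pass the device with --daq-var device=<if>")
        if "device" not in _daq_vars(args):
            problems.append(f"'{daq}' needs --daq-var device=<if>")
    return problems


def packets_processed(stats_text):
    """Packet count from Snort's run summary, or None if the line is missing."""
    m = _PROCESSED_RE.search(stats_text)
    return int(m.group(1)) if m else None


def zero_packet_hint(daq, stats_text):
    """Explain a clean run that saw no traffic; None when packets were seen."""
    n = packets_processed(stats_text)
    if n is None or n > 0:
        return None
    if daq == "nfq":
        # nfq reads from a netfilter queue; without a rule feeding that queue
        # Snort starts fine and simply never receives a packet.
        return ("nfq only receives packets that a netfilter rule hands to NFQUEUE; "
                "add e.g. 'iptables -I FORWARD -j NFQUEUE --queue-num 0' "
                "(and INPUT/OUTPUT if the host's own traffic should be inspected)")
    return "no packets seen: check that the capture interface actually carries the traffic"


if __name__ == "__main__":
    cmd = ("snort --daq nfq -Q -c /etc/snort/snort.conf --daq-dir /usr/local/lib/daq "
           "--daq-var device=eth0 -i eth0")
    for p in check_invocation(cmd, SAMPLE_DAQ_LIST):
        print("problem:", p)
    print("hint:", zero_packet_hint("nfq", SAMPLE_RUN_STATS))
```

Run as-is it flags the `-i eth0` in Erdem's original command and explains the later 0-packet run. The first symptom in the thread (IDS mode seeing only the host's own traffic) is not a Snort flag issue at all: on a switched network the NIC only receives frames addressed to the host, so other machines' traffic needs a switch mirror/SPAN port, a tap, or inline placement before any rule can match it.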
Current thread:
- IPS Inline Mode Erdem Çulcu (Jun 20)
- Re: IPS Inline Mode Matt Martin (Jun 20)
- Re: IPS Inline Mode Y M (Jun 20)
- Re: IPS Inline Mode Erdem Çulcu (Jun 23)
- Re: IPS Inline Mode Y M (Jun 24)
- Re: IPS Inline Mode Erdem Çulcu (Jun 23)
- Message not available
- Message not available
- Fwd: IPS Inline Mode Erdem Çulcu (Jun 24)
- Message not available
- Message not available
- Message not available
- Message not available
- Re: IPS Inline Mode Erdem Çulcu (Jun 24)
- Re: IPS Inline Mode Y M (Jun 27)
- Message not available