Snort mailing list archives

Re: how enable icmp snort-2.9.6.1


From: hernani <coelho.hernani () sapo pt>
Date: Tue, 17 Jun 2014 14:03:12 +0100


On 17-06-2014 11:39, hernani wrote:

hello,

I put the preprocessor in and the error disappeared, but Snort doesn't detect ICMP.


This is the portscan preprocessor:


preprocessor sfportscan: proto { all } scan_type { all } memcap { 10000000 } sense_level { High }



and this:

preprocessor stream5_global: track_tcp yes, \
     track_udp yes, \
     track_icmp yes, \
     max_tcp 262144, \
     max_udp 131072, \
     max_active_responses 2, \
     min_response_seconds 5
preprocessor stream5_icmp:

thanks

hernani coelho


hello,
when I run this command ---> sudo /usr/local/snort/bin/snort -A console -u snort -g snort -c /usr/local/snort/etc/snort.conf -i wlan0

I get this error ---> WARNING: Stream5 ICMP misconfigured (policy 0).
ERROR: Stream5 not properly configured... exiting
Fatal Error, Quitting..



hello,

I made progress; when I run this command ---> sudo /usr/local/snort/bin/snort -A console -u snort -g snort -c /etc/snort/snort.conf -i wlan0


it gives this --->


Packet I/O Totals:
   Received:           37
   Analyzed:           37 (100.000%)
    Dropped:            0 (  0.000%)
   Filtered:            0 (  0.000%)
Outstanding:            0 (  0.000%)
   Injected:            0
===============================================================================
Breakdown by protocol (includes rebuilt packets):
        Eth:           37 (100.000%)
       VLAN:            0 (  0.000%)
        IP4:           37 (100.000%)
       Frag:            0 (  0.000%)
       ICMP:           20 ( 54.054%)
        UDP:            2 (  5.405%)
        TCP:           15 ( 40.541%)
        IP6:            0 (  0.000%)
    IP6 Ext:            0 (  0.000%)
   IP6 Opts:            0 (  0.000%)
      Frag6:            0 (  0.000%)
      ICMP6:            0 (  0.000%)
       UDP6:            0 (  0.000%)
       TCP6:            0 (  0.000%)
     Teredo:            0 (  0.000%)
    ICMP-IP:            0 (  0.000%)
    IP4/IP4:            0 (  0.000%)
    IP4/IP6:            0 (  0.000%)
    IP6/IP4:            0 (  0.000%)
    IP6/IP6:            0 (  0.000%)
        GRE:            0 (  0.000%)
    GRE Eth:            0 (  0.000%)
   GRE VLAN:            0 (  0.000%)
    GRE IP4:            0 (  0.000%)
    GRE IP6:            0 (  0.000%)
GRE IP6 Ext:            0 (  0.000%)
   GRE PPTP:            0 (  0.000%)
    GRE ARP:            0 (  0.000%)
    GRE IPX:            0 (  0.000%)
   GRE Loop:            0 (  0.000%)
       MPLS:            0 (  0.000%)
        ARP:            0 (  0.000%)
        IPX:            0 (  0.000%)
   Eth Loop:            0 (  0.000%)
   Eth Disc:            0 (  0.000%)
   IP4 Disc:            0 (  0.000%)
   IP6 Disc:            0 (  0.000%)
   TCP Disc:            0 (  0.000%)
   UDP Disc:            0 (  0.000%)
  ICMP Disc:            0 (  0.000%)
All Discard:            0 (  0.000%)
      Other:            0 (  0.000%)
Bad Chk Sum:            0 (  0.000%)
    Bad TTL:            0 (  0.000%)
     S5 G 1:            0 (  0.000%)
     S5 G 2:            0 (  0.000%)
      Total:           37
===============================================================================
Action Stats:
     Alerts:            0 (  0.000%)
     Logged:            0 (  0.000%)
     Passed:            0 (  0.000%)
Limits:
      Match:            0
      Queue:            0
        Log:            0
      Event:            0
      Alert:            0
Verdicts:
      Allow:           22 ( 59.459%)
      Block:            0 (  0.000%)
    Replace:            0 (  0.000%)
  Whitelist:           15 ( 40.541%)
  Blacklist:            0 (  0.000%)
     Ignore:            0 (  0.000%)
===============================================================================
Frag3 statistics:
        Total Fragments: 0
      Frags Reassembled: 0
               Discards: 0
          Memory Faults: 0
               Timeouts: 0
               Overlaps: 0
              Anomalies: 0
                 Alerts: 0
                  Drops: 0
     FragTrackers Added: 0
    FragTrackers Dumped: 0
FragTrackers Auto Freed: 0
    Frag Nodes Inserted: 0
     Frag Nodes Deleted: 0
===============================================================================
Stream5 statistics:
            Total sessions: 1
              TCP sessions: 0
              UDP sessions: 1
             ICMP sessions: 0
               IP sessions: 0
                TCP Prunes: 0
                UDP Prunes: 0
               ICMP Prunes: 0
                 IP Prunes: 0
TCP StreamTrackers Created: 0
TCP StreamTrackers Deleted: 0
              TCP Timeouts: 0
              TCP Overlaps: 0
       TCP Segments Queued: 0
     TCP Segments Released: 0
       TCP Rebuilt Packets: 0
         TCP Segments Used: 0
              TCP Discards: 0
                  TCP Gaps: 0
      UDP Sessions Created: 1
      UDP Sessions Deleted: 1
              UDP Timeouts: 0
              UDP Discards: 0
                    Events: 0
           Internal Events: 0
           TCP Port Filter
                  Filtered: 0
                 Inspected: 0
                   Tracked: 0
           UDP Port Filter
                  Filtered: 0
                 Inspected: 0
                   Tracked: 1
==============================



so Snort detects ICMP but doesn't put it in BASE

Can someone help me?

hernani
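An added example, not from this thread or from the Snort project, that checks for the two things the posts above turn on: a stream5_global that sets track_icmp yes without a stream5_icmp section (the "Stream5 ICMP misconfigured" error from the first run), and a run summary in which the decoder counted ICMP packets while Action Stats shows zero alerts (why nothing reaches BASE, which only displays events that a rule or preprocessor actually raised). The configuration fragment and run summary are constructed from the text quoted above and abbreviated; the local.rules line and its sid are hypothetical values in the local-rule range.

```python
"""Checks for a Snort 2.9 stream5 ICMP misconfiguration and for a run in
which ICMP was decoded but no event was raised (so BASE stays empty)."""
import re

# Constructed sample: the stream5 fragment from the post before the
# stream5_icmp line was added (backslash continuations as in snort.conf).
SNORT_CONF_BROKEN = """\
preprocessor stream5_global: track_tcp yes, \\
     track_udp yes, \\
     track_icmp yes, \\
     max_tcp 262144, \\
     max_udp 131072
"""

# Same fragment with the section Snort requires once track_icmp is yes.
SNORT_CONF_FIXED = SNORT_CONF_BROKEN + "preprocessor stream5_icmp:\n"

# Hypothetical local rule: a decoded ICMP packet only becomes an event (and
# so a BASE row) when a rule such as this one fires.  sid is a placeholder.
LOCAL_RULES = """\
# local.rules (hypothetical)
alert icmp any any -> $HOME_NET any (msg:"LOCAL ICMP echo request"; itype:8; sid:1000001; rev:1;)
"""

# Constructed sample: the sections of the post's run summary that matter.
SNORT_RUN_SUMMARY = """\
Packet I/O Totals:
   Received:           37
   Analyzed:           37 (100.000%)
===============================================================================
Breakdown by protocol (includes rebuilt packets):
        IP4:           37 (100.000%)
       ICMP:           20 ( 54.054%)
        UDP:            2 (  5.405%)
        TCP:           15 ( 40.541%)
===============================================================================
Action Stats:
     Alerts:            0 (  0.000%)
     Logged:            0 (  0.000%)
===============================================================================
Stream5 statistics:
            Total sessions: 1
             ICMP sessions: 0
"""


def join_continuations(text):
    """Fold backslash-newline continuations so each directive is one line."""
    return re.sub(r"\\\s*\n\s*", " ", text)


def check_stream5_icmp(conf_text):
    """Return problems found in the stream5 part of a snort.conf.

    Snort 2.9 aborts with 'Stream5 ICMP misconfigured' when stream5_global
    has track_icmp yes but no 'preprocessor stream5_icmp' line exists.
    Matching is case-insensitive, so the capitalised 'Preprocessor' in the
    post is still recognised."""
    tracks_icmp = has_icmp_section = False
    for line in join_continuations(conf_text).splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"preprocessor\s+(\w+)\s*:?\s*(.*)", line, re.IGNORECASE)
        if not m:
            continue
        name, args = m.group(1).lower(), m.group(2)
        if name == "stream5_global" and re.search(r"track_icmp\s+yes", args, re.IGNORECASE):
            tracks_icmp = True
        elif name == "stream5_icmp":
            has_icmp_section = True
    problems = []
    if tracks_icmp and not has_icmp_section:
        problems.append("stream5_global sets track_icmp yes but there is no "
                        "'preprocessor stream5_icmp' line")
    return problems


def parse_run_summary(summary):
    """Parse Snort's end-of-run summary into {section: {counter: int}}."""
    counters, section = {}, None
    for raw in summary.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("="):
            continue
        # Section headers start in column 0 and end with a colon.
        if not raw.startswith(" ") and line.endswith(":"):
            section = re.split(r"[(:]", line)[0].strip()
            counters.setdefault(section, {})
            continue
        m = re.match(r"\s*([\w /-]+?):\s+(\d+)", line)
        if m and section is not None:
            counters[section][m.group(1).strip()] = int(m.group(2))
    return counters


def diagnose(counters, rules_text=""):
    """Explain why BASE shows nothing although ICMP packets were decoded."""
    icmp = counters.get("Breakdown by protocol", {}).get("ICMP", 0)
    alerts = counters.get("Action Stats", {}).get("Alerts", 0)
    icmp_rule_loaded = any(re.match(r"\s*alert\s+icmp\b", l, re.IGNORECASE)
                           for l in rules_text.splitlines())
    findings = []
    if icmp > 0 and alerts == 0:
        findings.append(f"decoder counted {icmp} ICMP packets but Action Stats shows "
                        "0 alerts: the protocol breakdown only proves decoding, and "
                        "BASE displays events, which need a rule or preprocessor alert")
        if not icmp_rule_loaded:
            findings.append("no 'alert icmp' rule is loaded; add one to local.rules "
                            "and make sure snort.conf includes that file")
    return findings


if __name__ == "__main__":
    for p in check_stream5_icmp(SNORT_CONF_BROKEN):
        print("config:", p)
    for f in diagnose(parse_run_summary(SNORT_RUN_SUMMARY)):
        print("run:", f)
```

Run it against a real snort.conf and the console output of a run (`snort -A console ...` prints the same summary on exit) to separate the two questions the thread mixes up: whether Snort starts at all, and whether anything it decodes ever becomes an event that barnyard2 and BASE can show.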