Snort mailing list archives
RE: Snort analyzed 0 out of 0 packets, .
From: Michael Green <michael.green () gbst com>
Date: Fri, 16 Nov 2001 11:02:35 +1000
Hi I worked it out. WinPcap was binding to a nonexistant WAN interface. Using a -i 2 in snort allowed it to connect to my only interface.
-----Original Message----- From: Michael Green [SMTP:michael.green () gbst com] Sent: Friday, 16 November 2001 7:24 To: 'snort-users () lists sourceforge net' Subject: [Snort-users] Snort analyzed 0 out of 0 packets, . Hi I just finished Installing Snort Version 1.8-WIN32 (Build 86) on a Win2k box. Installed with MySql & Acid. Everything seemed fine when I installed it, the required databases were created and the acid setup connected and I hit the "Create ACID AG" button, this was also successful. I then ran Cerberus Internet Scanner against the network that the Snort machaine was installed, and nothing! The ACID console "# of Sensors:" has 0. This concerns me. So I ran snort command line: C:\Snort\Snort-1.8.2\snort.exe -c C:\Snort\Snort-1.8.2\snort.conf -l C:\Snort\Snort-1.8.2 -A full -h 203.0.171.64/26 -i 1 -d Log directory = C:\Snort\Snort-1.8.2 And it ran without errors, I then ran the scanner again, the broke out of the snort session and the stats displayed showed "Snort analyzed 0 out of 0 packets, ." Now I'm thinking Winpcap can't be installed properly so I opened Control Panel, Administrative Tools, Computer Management, then chose System Tools, System Information, Software Environment, Drivers. The NPF Kernel Driver was displayed as "Running OK". Any ideas? I'm including the output from the snort command line run here: C:\Snort\Snort-1.8.2\snort.exe -c C:\Snort\Snort-1.8.2\snort.conf -l C:\Snort\Snort-1.8.2 -A full -h 203.0.171.64/26 -i 1 -d Log directory = C:\Snort\Snort-1.8.2 --== Initializing Snort ==-- Initializing Network Interface \ Decoding Ethernet on interface \Device\Packet_NdisWanIp Initializing Preprocessors! Initializing Plug-ins! Initializating Output Plugins! Parsing Rules file C:\Snort\Snort-1.8.2\snort.conf +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... No arguments to frag2 directive, setting defaults to: Fragment timeout: 60 seconds Fragment memory cap: 4194304 bytes Stream4 config: Stateful inspection: ACTIVE Session statistics: INACTIVE Session timeout: 30 seconds Session memory cap: 8388608 bytes State alerts: INACTIVE Scan alerts: ACTIVE Log Flushed Streams: INACTIVE No arguments to stream4_reassemble, setting defaults: Reassemble client: ACTIVE Reassemble server: INACTIVE Reassemble ports: 21 23 25 53 80 143 110 111 513 Reassembly alerts: ACTIVE Back Orifice detection brute force: DISABLED Using LOCAL time WARNING: command line overrides rules file alert plugin! WARNING: command line overrides rules file alert plugin! limit == 128 UnifiedLogFilename = snort.log Opening C:\Snort\Snort-1.8.2/snort.log.1005854049 882 Snort rules read... 882 Option Chains linked into 101 Chain Headers 0 Dynamic rules +++++++++++++++++++++++++++++++++++++++++++++++++++ Rule application order: ->activation->dynamic->alert->pass->log --== Initialization Complete ==-- -*> Snort! <*- Version 1.8-WIN32 (Build 86) By Martin Roesch (roesch () sourcefire com, www.snort.org) 1.7-WIN32 Port By Michael Davis (mike () datanerds net, www.datanerds.net/~mike) 1.8-WIN32 Port By Chris Reid (chris.reid () codecraftconsultants com) (based on code from 1.7 port) ========================================================================== == === Snort analyzed 0 out of 0 packets, . Breakdown by protocol: Action Stats: TCP: 0 (0.000%) ALERTS: 0 UDP: 0 (0.000%) LOGGED: 0 ICMP: 0 (0.000%) PASSED: 0 ARP: 0 (0.000%) IPv6: 0 (0.000%) IPX: 0 (0.000%) OTHER: 0 (0.000%) DISCARD: 0 (0.000%) ========================================================================== == === Fragmentation Stats: Fragmented IP Packets: 0 (0.000%) Fragment Trackers: 0 Rebuilt IP Packets: 0 Frag elements used: 0 Discarded(incomplete): 0 Discarded(timeout): 0 Frag2 memory faults: 0 ========================================================================== == === TCP Stream Reassembly Stats: TCP Packets Used: 0 (0.000%) Stream Trackers: 0 Stream flushes: 0 Segments used: 0 Stream4 Memory Faults: 0 ========================================================================== == === pcap_loop: read error: PacketReceivePacket failedpcap_stats: PacketGetStats error Snort received signal 3, exiting Michael Green Senior Systems Engineer Communication Systems Global Banking & Securities Transactions Telephone + 61 7 3331 5555 Michael.Green () gbst com www.gbst.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort analyzed 0 out of 0 packets, . Michael Green (Nov 15)
- Re: Snort analyzed 0 out of 0 packets, . Bill Pennington (Nov 15)
- <Possible follow-ups>
- RE: Snort analyzed 0 out of 0 packets, . Michael Green (Nov 15)