Snort mailing list archives

Re: Token ring support of snort


From: Martin Roesch <roesch () sourcefire com>
Date: Thu, 01 Nov 2001 11:02:29 -0500

That's very possible, the Token Ring users of Snort are a pretty small
set of people, and I think you're the first person that's tried it on
Windows.  If you could capture some packets with Ethereal and mail them
to me (the binary packet captures), I'll see if I can update the
decoder.

     -Marty

bulent_sahin () tb net tr wrote:

Yes, the interface name is correct. I tried, but same thing happened.
Program captures some frames, but categorizes them as OTHER. I suppose
that snort does not understand token-ring, llc2 and snap headers?
Thanks
Bulent

From: Martin Roesch <roesch () sourcefire com>
Sent by: roesch () mail sourcefire com
Date: 01.11.2001 17:04
To: bulent_sahin () tb net tr
cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Token ring support of snort

Is that the right interface name for the T/R interface?  To get a list
of the interfaces that are available run 'snort -W', then set the
sniffing interface with 'snort -i <intf>'

    -Marty

bulent_sahin () tb net tr wrote:

Hi,

Does anybody know about token ring support of snort? A few days ago I
installed snort on my computer, but when I try "snort -v" it assumes
that all packets are ethernet packets.  Winpcap and ethereal work
fine. I pasted "snort -v" output below.

C:\Downloads\Snort-1.8.1-win32-static\Snort-1.8.1-win32\snort -v
Log directory =

        --== Initializing Snort ==--

Initializing Network Interface \
Decoding Ethernet on interface \Device\Packet_MDGNDIS41

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8-WIN32 (Build 74)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
1.7-WIN32 Port By Michael Davis (mike () datanerds net, ww
1.8-WIN32 Port By Chris Reid (chris.reid@codecraftconsu
          (based on code from 1.7 port)

=======================================================
Snort analyzed 1312 out of 1312 packets, dropping 0(0.0

Breakdown by protocol:                Action Stats:
    TCP: 0          (0.000%)          ALERTS: 0
    UDP: 0          (0.000%)          LOGGED: 0
   ICMP: 0          (0.000%)          PASSED: 0
    ARP: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 1311       (99.924%)
DISCARD: 0          (0.000%)
=======================================================
Fragmentation Stats:
Fragmented IP Packets: 0          (0.000%)
    Fragment Trackers: 0
   Rebuilt IP Packets: 0
   Frag elements used: 0
Discarded(incomplete): 0
   Discarded(timeout): 0
  Frag2 memory faults: 0
=======================================================
TCP Stream Reassembly Stats:
        TCP Packets Used: 0          (0.000%)
         Stream Trackers: 0
          Stream flushes: 0
           Segments used: 0
   Stream4 Memory Faults: 0
=======================================================
pcap_loop: read error: PacketReceivePacket failedpcap_s
r
Snort received signal 3, exiting

Thanks,
Bulent

--
Martin Roesch - President, Sourcefire Inc. - (410)552-6999
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
