Re: RE: newbie question

[Ravi Malghan <rmalghan () yahoo com>]

Tyler: I have only one interface. I tried what you
suggested. I did a bunch of web requests from the
machine and telnet request into the machine. No luck.
Here's the output of the commands:
=============================
C:\PROGS\Snort\bin>snort -W

-*> Snort! <*-
Version 2.0.1-ODBC-MySQL-FlexRESP-WIN32 (Build 88)
By Martin Roesch (roesch () sourcefire com,
www.snort.org)
1.7-WIN32 Port By Michael Davis (mike () datanerds net,
www.datanerds.net/~mike)
1.8 - 2.0 WIN32 Port By Chris Reid
(chris.reid () codecraftconsultants com)

Interface       Device          Description
-------------------------------------------
1  \Device\NPF_{C66249AC-E359-47DE-AF1D-DA41B5B303CE}
(Cisco 350 series Wireless
 LAN Adapter.)
====================
C:\PROGS\Snort\bin>snort -dv -i 1
Running in packet dump mode
Log directory = log

Initializing Network Interface
\Device\NPF_{C66249AC-E359-47DE-AF1D-DA41B5B303CE
}

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface
\Device\NPF_{C66249AC-E359-47DE-AF1D-DA41B5B303CE
}

        --== Initialization Complete ==--

-*> Snort! <*-
Version 2.0.1-ODBC-MySQL-FlexRESP-WIN32 (Build 88)
By Martin Roesch (roesch () sourcefire com,
www.snort.org)
1.7-WIN32 Port By Michael Davis (mike () datanerds net,
www.datanerds.net/~mike)
1.8 - 2.0 WIN32 Port By Chris Reid
(chris.reid () codecraftconsultants com)
=======================
Jon: I did reboot the machine after the winpcap
installation. I will try the menesis.

Thanks
Ravi
--- "Hudak, Tyler" <Tyler.Hudak () roadway com> wrote:
> From the output below, Snort probably isn't
> hanging...its doing exactly what
> you want.  The only thing is you aren't seeing any
> packets go by on the
> interface you are listening to.  
>
> Run 'snort -W' to list all the available interfaces
> and make sure you are
> listening to the interface you want by running
> 'snort -dv -i #' where # is
> the number of the interface you want to listen on.  
>
> Also, try generating some traffic on your local box
> to make sure you are
> seeing things go by.
>
> Tyler
>
> --__--__--
>
> Message: 1
> Date: Tue, 5 Aug 2003 15:37:13 -0700 (PDT)
> From: Ravi Malghan <rmalghan () yahoo com>
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] newbie question
>
> Hi: i just installed snort and winpcap on a w2K OS.
> I
> have not made any changes. When I run snort.exe -dv,
> it just hangs there. I donot see any packets. I
> donot
> see any way to debug and see whatz happening. I
> tried
> pinging and telnetting to the host when this was
> running. What am I missing here.
>
> Thanks in advance.
> RM
> =================
> C:\PROGS\Snort\bin>snort.exe -dv
> Running in packet dump mode
> Log directory = log
>
> Initializing Network Interface
> \Device\NPF_{C66249AC-E359-47DE-AF1D-DA41B5B303CE
> }
>
>         --== Initializing Snort ==--
> Initializing Output Plugins!
> Decoding Ethernet on interface
> \Device\NPF_{C66249AC-E359-47DE-AF1D-DA41B5B303CE
> }
>
>         --== Initialization Complete ==--
>
> -*> Snort! <*-
> Version 2.0.1-ODBC-MySQL-FlexRESP-WIN32 (Build 88)
> By Martin Roesch (roesch () sourcefire com,
> www.snort.org)
> 1.7-WIN32 Port By Michael Davis (mike () datanerds net,
> www.datanerds.net/~mike)
> 1.8 - 2.0 WIN32 Port By Chris Reid
> (chris.reid () codecraftconsultants com)
>
> ========================


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com


-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users