Snort mailing list archives
Re: How to start and monitor packets on windows
From: Joel Esler <joel.esler () sourcefire com>
Date: Thu, 20 Jul 2006 08:52:28 -0400
On the Windows OS you *can* use "-i 1". It specifies the first interface found. (So you just have to watch if you have, say, a built-in modem or something, because Windows will sniff your modem if you have the wrong interface.) Just make sure you have a space in between "-i" and "1" ("-i 1").

You can look the order up in the registry, or you can just run 'snort -vde -i 1', then try 'snort -vde -i 2', etc., until you find your traffic.

J

On Thu, Jul 20, 2006 at 05:13:00AM -0500, Rich Adamson sent me:
> VINAY_SHARMA () advanex co jp wrote:
> > Hi, I am new to Snort. I installed WinPcap, Snort 2.x and IDScenter on
> > Windows XP. When I try to start Snort there is a fatal error:
> >
> >   on telenet decode arguments: port to decode telnet on: 21 23 25 119
> >   Error: c:\snort\rules\attack-responses.rules(11) => unknown classtype:bad-unknow
> >   fatal error, quiting..
>
> The above is telling you the rules in the attack-responses.rules file have an
> error; it's probably on line 11, and unless you copy/pasted the error message
> incorrectly, it looks like "bad-unknow" should have an "n" at the end of that
> string.
>
> > If I try to run Snort from the command line in the bin directory with
> > snort -v -i1 it will start, but I cannot see any packet transactions when
> > I am browsing any site.
>
> Then either interface "-i1" is incorrect, or the sniffing interface is
> attached to an ethernet switch that is masking the data from you. If you are
> using a switch, you'll either need to replace it with a hub, purchase a
> "tap", or change your network somehow to see the traffic of interest.
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
+---------------------------------------------------------------------+
Joel Esler  Senior Security Consultant  1-706-627-2101
Sourcefire  Security for the /Real/ World -- http://www.sourcefire.com
Snort - Open Source Network IPS/IDS -- http://www.snort.org
GPG Key: http://demo.sourcefire.com/jesler.pgp.key
AIM:eslerjoel YMSG:eslerjoel Gtalk:eslerj
+---------------------------------------------------------------------+
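The "unknown classtype" startup error discussed in the quoted text can be caught before Snort is launched. The following is an added example, not part of the original thread or of Snort itself: it compares every `classtype:` option in a rules file against the short names defined in classification.config and reports the file, line, and nearest valid name. The function names are hypothetical, the sample data is constructed, and it assumes the `config classification: shortname,description,priority` line format.

```python
import difflib
import re

# Matches "config classification: shortname,description,priority"
CLASSIFICATION_RE = re.compile(r"^\s*config\s+classification:\s*([^,\s]+)\s*,")
# Matches the classtype option inside a rule body, e.g. "classtype:bad-unknown;"
CLASSTYPE_RE = re.compile(r"classtype\s*:\s*([^;\s]+)\s*;")


def load_classtypes(config_text):
    """Return the set of classtype short names defined in classification.config."""
    names = set()
    for line in config_text.splitlines():
        m = CLASSIFICATION_RE.match(line)
        if m:
            names.add(m.group(1))
    return names


def check_rules(rules_text, known, filename="<rules>"):
    """Return (filename, line_no, classtype, suggestion) for each unknown classtype."""
    findings = []
    for line_no, line in enumerate(rules_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out rules are not loaded
        for name in CLASSTYPE_RE.findall(line):
            if name not in known:
                close = difflib.get_close_matches(name, sorted(known), n=1)
                findings.append((filename, line_no, name, close[0] if close else None))
    return findings


# Constructed sample input (not taken from the poster's files).
SAMPLE_CONFIG = """\
# classification.config (constructed excerpt)
config classification: bad-unknown,Potentially Bad Traffic,2
config classification: attempted-recon,Attempted Information Leak,2
config classification: successful-admin,Successful Administrator Privilege Gain,1
"""

SAMPLE_RULES = """\
# attack-responses.rules (constructed excerpt)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"sample one"; content:"abc"; classtype:bad-unknown; sid:1000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"sample two"; content:"def"; classtype:bad-unknow; sid:1000002; rev:1;)
"""

if __name__ == "__main__":
    known = load_classtypes(SAMPLE_CONFIG)
    for fname, line_no, name, hint in check_rules(SAMPLE_RULES, known, "attack-responses.rules"):
        print(f"{fname}({line_no}) => unknown classtype:{name} (did you mean {hint}?)")
```
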
Current thread:
- How to start and monitor packets on windows VINAY_SHARMA (Jul 20)
- Re: How to start and monitor packets on windows Rich Adamson (Jul 20)
- Re: How to start and monitor packets on windows Joel Esler (Jul 20)
- Re: How to start and monitor packets on windows info+lucretia.ca (Jul 20)
- Re: How to start and monitor packets on windows Jeff Dell (Jul 20)
- <Possible follow-ups>
- Re: How to start and monitor packets on windows Klein, Jeremie (Jul 20)
- Re: How to start and monitor packets on windows VINAY_SHARMA (Jul 20)
- Re: How to start and monitor packets on windows Rich Adamson (Jul 20)