Snort mailing list archives

Re: How to start and monitor packets on windows


From: VINAY_SHARMA () advanex co jp
Date: Fri, 21 Jul 2006 11:50:25 +0900


Hi rich,

             Thanks for the instructions. Now I can run and receive packets
over the 3rd interface. Your info is great, but Snort has not generated any logs in
the log folder. Please tell me how to get logs in the log folder. I am running
Snort as


 snort -vde -i 3




Thanks & regards
**************************************
Vinay Sharma
I I S
Advanex Inc (www.advanex.co.jp)
Fon   : 813-3822-5863
Fax   : 813-5815-7881
Email : vinay_sharma () advanex co jp


From:    Joel Esler <joel.esler () sourcefire com>
Sender:  snort-users-bounces () lists sourceforge net
Date:    2006/07/20 21:52
To:      Rich Adamson <radamson () routers com>
cc:      snort-users () lists sourceforge net
Subject: Re: [Snort-users] How to start and monitor packets on windows




On the Windows OS you *can* use "-i 1".  It specifies the first interface
found.  (So you just have to watch, if you have, say, a built-in modem or
something, because Windows will sniff your modem if you have the wrong
interface.)

Just make sure you have a space in between "-i" and "1".  ("-i 1")

You can look the order up in the registry, or you can just run 'snort -vde
-i 1', then try 'snort -vde -i 2', etc., until you find your traffic.

J

On Thu, Jul 20, 2006 at 05:13:00AM -0500, Rich Adamson sent me:
VINAY_SHARMA () advanex co jp wrote:
Hi,

     I am new to Snort. I installed WinPcap, Snort 2.x and IDScenter on
Windows XP. When I try to start Snort there is a fatal error:


on telnet decode arguments:
 port to decode telnet on: 21 23 25 119

Error: c:\snort\rules\attack-responses.rules(11) => unknown
classtype:bad-unknow
fatal error, quitting..

The above is telling you that the rules in the attack-responses.rules file have an
error; it's probably on line 11, and unless you copied/pasted the error
message incorrectly, it looks like "bad-unknow" should have an "n" at
the end of that string.

If I try to run Snort from the command line in the bin directory with snort -v
-i1,
it will start, but I cannot see any packet transactions when I am
browsing any site.

Then either interface "-i1" is incorrect, or the sniffing interface is
attached to an Ethernet switch that is masking the data from you. If you
are using a switch, you'll either need to replace it with a hub,
purchase a "tap", or change your network somehow to see the traffic of
interest.



-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

+---------------------------------------------------------------------+
Joel Esler          Senior Security Consultant         1-706-627-2101
Sourcefire    Security for the /Real/ World -- http://www.sourcefire.com
       Snort - Open Source Network IPS/IDS -- http://www.snort.org
         GPG Key: http://demo.sourcefire.com/jesler.pgp.key
           AIM:eslerjoel  YMSG:eslerjoel Gtalk:eslerj
+---------------------------------------------------------------------+

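The "unknown classtype" fatal error discussed in the thread comes from Snort's rule parser rejecting a `classtype:` value that is not declared by a `config classification:` line in classification.config. The following checker reproduces that diagnosis before Snort is started. It is an example added to this archive page, not Snort's own parser and not code posted by anyone in the thread; the rule text, the classification lines and the file name it reports are constructed here as assumptions, and it handles single-line rules only (Snort itself also accepts backslash-continued rules).

```python
"""Flag Snort 2.x rules whose classtype is not declared in classification.config.

Example code added to the archive page; not Snort's parser. The sample
inputs below are constructed for the example and mirror the typo from the
thread ("bad-unknow" instead of "bad-unknown").
"""
import difflib
import re

# Constructed sample of classification.config lines.
# Real format: config classification: <name>,<description>,<priority>
SAMPLE_CLASSIFICATION_CONFIG = """\
# classification.config (constructed sample)
config classification: attempted-recon,Attempted Information Leak,2
config classification: bad-unknown,Potentially Bad Traffic,2
config classification: successful-admin,Successful Administrator Privilege Gain,1
"""

# Constructed sample rules file; line 4 carries the typo from the thread.
SAMPLE_RULES = """\
# attack-responses.rules (constructed sample, not the real file)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ATTACK-RESPONSES sample ok"; content:"uid=0"; classtype:bad-unknown; sid:9000001; rev:1;)

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ATTACK-RESPONSES sample typo"; content:"root"; classtype:bad-unknow; sid:9000002; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ATTACK-RESPONSES sample none"; content:"x"; sid:9000003; rev:1;)
"""

CLASSIFICATION_RE = re.compile(r"^\s*config\s+classification\s*:\s*([^,]+),")
CLASSTYPE_RE = re.compile(r"classtype\s*:\s*([^;]+);")


def load_classifications(text):
    """Return the set of classtype names declared by 'config classification:' lines."""
    names = set()
    for line in text.splitlines():
        m = CLASSIFICATION_RE.match(line)
        if m:
            names.add(m.group(1).strip())
    return names


def check_rules(rules_text, known):
    """Return [(line_number, classtype, suggestion_or_None)] for every rule whose
    classtype is not in `known`. Lines are counted from 1 including blank and
    comment lines, so the number matches what an editor shows for the file."""
    problems = []
    for lineno, line in enumerate(rules_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = CLASSTYPE_RE.search(stripped)
        if not m:
            continue  # a rule without classtype is accepted by Snort
        ctype = m.group(1).strip()
        if ctype in known:
            continue
        # Offer the closest declared name, which catches one-letter typos.
        close = difflib.get_close_matches(ctype, sorted(known), n=1, cutoff=0.8)
        problems.append((lineno, ctype, close[0] if close else None))
    return problems


def report(problems, filename):
    """Render problems in the 'file(line) => unknown classtype:X' shape Snort prints."""
    lines = []
    for lineno, ctype, suggestion in problems:
        msg = f"{filename}({lineno}) => unknown classtype:{ctype}"
        if suggestion:
            msg += f" (did you mean {suggestion}?)"
        lines.append(msg)
    return lines


if __name__ == "__main__":
    # Assumed path from the thread; replace with open(path).read() on real files.
    known = load_classifications(SAMPLE_CLASSIFICATION_CONFIG)
    for line in report(check_rules(SAMPLE_RULES, known), r"c:\snort\rules\attack-responses.rules"):
        print(line)
```

Run it against real files by passing the contents of classification.config to `load_classifications` and each rules file to `check_rules`; a typo such as the one in the thread is reported with its line number and the nearest declared classtype, which is what Snort's own message leaves you to work out by hand.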