Snort mailing list archives
Testing Snort
From: MALIK AZHAR MUSHTAQ <azhar_mushtaaq () hotmail com>
Date: Sat, 24 Mar 2012 15:15:27 +0000
Hello All,

I am a student and new to Snort. I installed Snort in Ubuntu using VirtualBox. I can ping from the BackTrack machine to the Snort machine, but Snort is showing nothing. In snort.conf, icmp-info.rules are enabled but track icmp is off; when I change it to on I got a fatal error. Above, everything was fine, but at this point I got these warnings. Please suggest how I can test Snort. Thanks.

Verifying Preprocessor Configurations!
ICMP tracking disabled, no ICMP sessions allocated
IP tracking disabled, no IP sessions allocated
WARNING: flowbits key 'blackhole.pdf' is checked but not ever set.
WARNING: flowbits key 'file.xlw' is set but not ever checked.
WARNING: flowbits key 'ABSystemSpy_Inforetrieve1' is set but not ever checked.
89 out of 1024 flowbits in use.

[ Port Based Pattern Matching Memory ]
+- [ Aho-Corasick Summary ] -------------------------------------
| Storage Format    : Full-Q
| Finite Automaton  : DFA
| Alphabet Size     : 256 Chars
| Sizeof State      : Variable (1,2,4 bytes)
| Instances         : 135
|     1 byte states : 125
|     2 byte states : 10
|     4 byte states : 0
| Characters        : 50371
| States            : 40267
| Transitions       : 3811187
| State Density     : 37.0%
| Patterns          : 2572
| Match States      : 2352
| Memory (MB)       : 19.93
|   Patterns        : 0.21
|   Match Lists     : 0.32
|   DFA
|     1 byte states : 0.71
|     2 byte states : 18.55
|     4 byte states : 0.00
+----------------------------------------------------------------
[ Number of patterns truncated to 20 bytes: 512 ]
pcap DAQ configured to passive.
The DAQ version does not support reload.
Acquiring network traffic from "eth0".
Reload thread starting...
Reload thread started, thread 0xa6d69b70 (2407)
Decoding Ethernet
Set gid to 1002
Set uid to 1001

        --== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.2 IPv6 GRE (Build 78)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2011 Sourcefire, Inc., et al.
           Using libpcap version 1.0.0
           Using PCRE version: 7.8 2008-09-05
           Using ZLIB version: 1.2.3.3

           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.15  <Build 18>
           Rules Object: web-client  Version 1.0  <Build 1>
           Rules Object: web-misc  Version 1.0  <Build 1>
           Rules Object: web-activex  Version 1.0  <Build 1>
           Rules Object: dos  Version 1.0  <Build 1>
           Rules Object: misc  Version 1.0  <Build 1>
           Rules Object: multimedia  Version 1.0  <Build 1>
           Rules Object: bad-traffic  Version 1.0  <Build 1>
           Rules Object: chat  Version 1.0  <Build 1>
           Rules Object: netbios  Version 1.0  <Build 1>
           Rules Object: exploit  Version 1.0  <Build 1>
           Rules Object: imap  Version 1.0  <Build 1>
           Rules Object: icmp  Version 1.0  <Build 1>
           Rules Object: snmp  Version 1.0  <Build 1>
           Rules Object: smtp  Version 1.0  <Build 1>
           Rules Object: nntp  Version 1.0  <Build 1>
           Rules Object: web-iis  Version 1.0  <Build 1>
           Rules Object: p2p  Version 1.0  <Build 1>
           Rules Object: specific-threats  Version 1.0  <Build 1>
           Preprocessor Object: SF_DCERPC2 (IPV6)  Version 1.0  <Build 3>
           Preprocessor Object: SF_GTP (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_SIP (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_REPUTATION (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_SMTP (IPV6)  Version 1.1  <Build 9>
           Preprocessor Object: SF_MODBUS (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_SSH (IPV6)  Version 1.1  <Build 3>
           Preprocessor Object: SF_SDF (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_FTPTELNET (IPV6)  Version 1.2  <Build 13>
           Preprocessor Object: SF_DNP3 (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_DNS (IPV6)  Version 1.1  <Build 4>
           Preprocessor Object: SF_POP (IPV6)  Version 1.0  <Build 1>
           Preprocessor Object: SF_SSLPP (IPV6)  Version 1.1  <Build 4>
           Preprocessor Object: SF_IMAP (IPV6)  Version 1.0  <Build 1>
Commencing packet processing (pid=2407)