Re: Can't see drop-rate for packets?[IPS] New Snort-user

[Heine Lysemose <lysemose () gmail com>]

Hi Blixten

Could you paste in the output when you have pressed Ctrl+ C

/Lysemose
On Apr 24, 2012 6:15 PM, "Russ Combs" <rcombs () sourcefire com> wrote:

> Check doc/README.counts.  You *are* looking for Verdicts.  Blocked is what
> Snort did not allow to pass; Dropped are packets Snort didn't see.
>
> Russ
>
> On Tue, Apr 24, 2012 at 9:34 AM, Simon Blixt <blixten_496 () hotmail com>wrote:
>
> >  Hi (again),
> >
> > I'm setting up my own Snort for a test-scenario. All works well, but I'm
> > not sure how I should read the output when I close Snort with CTRL+C.
> > I did read http://manual.snort.org/node9.html but it doesn't make sense
> > for me.. I'm running Snort as IPS, so I guess the title "Verdicts" isn't
> > anything relevant for me?
> > When I use my rule, a drop rule, and send traffic which should be
> > dropped from it, Packet I/O Totals - Dropped: shows 0(zero).
> > The traffic is dropped since I can't access the site I'm dropping packets
> > to the website. So my rule is working properly.
> > I need to have some good statics what Snort did with the packets, how
> > many where dropped? I'm sorry if I'm missing something obvious..
> >
> > Yours,
> > Blixten
> >
> >
> > ------------------------------------------------------------------------------
> > Live Security Virtual Conference
> > Exclusive live event will cover all the ways today's security and
> > threat landscape has changed and how IT managers can respond. Discussions
> > will include endpoint security, mobile security and the latest in malware
> > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> > Snort news!
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!