Snort mailing list archives

Re: Snort not generating alerts


From: Pratik Narang <pratik.cse.bits () gmail com>
Date: Tue, 10 Jul 2012 15:58:59 +0530

As suggested to me off-list, here is the Snort output when I "kill" it:

^C*** Caught Int-Signal
===============================================================================
Run time for packet processing was 12.2504 seconds
Snort processed 121 packets.
Snort ran for 0 days 0 hours 0 minutes 12 seconds
   Pkts/sec:           10
===============================================================================
Packet I/O Totals:
   Received:          121
   Analyzed:          121 (100.000%)
    Dropped:            0 (  0.000%)
   Filtered:            0 (  0.000%)
Outstanding:            0 (  0.000%)
   Injected:            0
===============================================================================
Breakdown by protocol (includes rebuilt packets):
        Eth:          121 (100.000%)
       VLAN:            7 (  5.785%)
        IP4:          106 ( 87.603%)
       Frag:            0 (  0.000%)
       ICMP:            0 (  0.000%)
        UDP:            4 (  3.306%)
        TCP:          102 ( 84.298%)
        IP6:            0 (  0.000%)
    IP6 Ext:            0 (  0.000%)
   IP6 Opts:            0 (  0.000%)
      Frag6:            0 (  0.000%)
      ICMP6:            0 (  0.000%)
       UDP6:            0 (  0.000%)
       TCP6:            0 (  0.000%)
     Teredo:            0 (  0.000%)
    ICMP-IP:            0 (  0.000%)
      EAPOL:            0 (  0.000%)
    IP4/IP4:            0 (  0.000%)
    IP4/IP6:            0 (  0.000%)
    IP6/IP4:            0 (  0.000%)
    IP6/IP6:            0 (  0.000%)
        GRE:            0 (  0.000%)
    GRE Eth:            0 (  0.000%)
   GRE VLAN:            0 (  0.000%)
    GRE IP4:            0 (  0.000%)
    GRE IP6:            0 (  0.000%)
GRE IP6 Ext:            0 (  0.000%)
   GRE PPTP:            0 (  0.000%)
    GRE ARP:            0 (  0.000%)
    GRE IPX:            0 (  0.000%)
   GRE Loop:            0 (  0.000%)
       MPLS:            0 (  0.000%)
        ARP:            1 (  0.826%)
        IPX:            0 (  0.000%)
   Eth Loop:            1 (  0.826%)
   Eth Disc:            0 (  0.000%)
   IP4 Disc:            0 (  0.000%)
   IP6 Disc:            0 (  0.000%)
   TCP Disc:            0 (  0.000%)
   UDP Disc:            0 (  0.000%)
  ICMP Disc:            0 (  0.000%)
All Discard:            0 (  0.000%)
      Other:           13 ( 10.744%)
Bad Chk Sum:           54 ( 44.628%)
    Bad TTL:            0 (  0.000%)
     S5 G 1:            0 (  0.000%)
     S5 G 2:            0 (  0.000%)
      Total:          121
===============================================================================
Action Stats:
     Alerts:            0 (  0.000%)
     Logged:            0 (  0.000%)
     Passed:            0 (  0.000%)
Limits:
      Match:            0
      Queue:            0
        Log:            0
      Event:            0
      Alert:            0
Verdicts:
      Allow:           77 ( 63.636%)
      Block:            0 (  0.000%)
    Replace:            0 (  0.000%)
  Whitelist:           44 ( 36.364%)
  Blacklist:            0 (  0.000%)
     Ignore:            0 (  0.000%)
===============================================================================
Frag3 statistics:
        Total Fragments: 0
      Frags Reassembled: 0
               Discards: 0
          Memory Faults: 0
               Timeouts: 0
               Overlaps: 0
              Anomalies: 0
                 Alerts: 0
                  Drops: 0
     FragTrackers Added: 0
    FragTrackers Dumped: 0
FragTrackers Auto Freed: 0
    Frag Nodes Inserted: 0
     Frag Nodes Deleted: 0
===============================================================================
Stream5 statistics:
            Total sessions: 6
              TCP sessions: 3
              UDP sessions: 3
             ICMP sessions: 0
               IP sessions: 0
                TCP Prunes: 0
                UDP Prunes: 0
               ICMP Prunes: 0
                 IP Prunes: 0
TCP StreamTrackers Created: 3
TCP StreamTrackers Deleted: 3
              TCP Timeouts: 0
              TCP Overlaps: 0
       TCP Segments Queued: 0
     TCP Segments Released: 0
       TCP Rebuilt Packets: 0
         TCP Segments Used: 0
              TCP Discards: 5
                  TCP Gaps: 0
      UDP Sessions Created: 3
      UDP Sessions Deleted: 3
              UDP Timeouts: 0
              UDP Discards: 0
                    Events: 2
           Internal Events: 0
           TCP Port Filter
                   Dropped: 0
                 Inspected: 0
                   Tracked: 49
           UDP Port Filter
                   Dropped: 0
                 Inspected: 0
                   Tracked: 3
===============================================================================
HTTP Inspect - encodings (Note: stream-reassembled packets included):
    POST methods:                         0
    GET methods:                          0
    HTTP Request Headers extracted:       0
    HTTP Request Cookies extracted:       0
    Post parameters extracted:            0
    HTTP response Headers extracted:      0
    HTTP Response Cookies extracted:      0
    Unicode:                              0
    Double unicode:                       0
    Non-ASCII representable:              0
    Directory traversals:                 0
    Extra slashes ("//"):                 0
    Self-referencing paths ("./"):        0
    HTTP Response Gzip packets extracted: 0
    Gzip Compressed Data Processed:       n/a
    Gzip Decompressed Data Processed:     n/a
    Total packets processed:              1
==============================
SMTP Preprocessor Statistics
  Total sessions                                    : 0
  Max concurrent sessions                           : 0
===============================================================================
dcerpc2 Preprocessor Statistics
  Total sessions: 0
===============================================================================
SSL Preprocessor:
   SSL packets decoded: 4
          Client Hello: 0
          Server Hello: 1
           Certificate: 0
           Server Done: 1
   Client Key Exchange: 0
   Server Key Exchange: 0
         Change Cipher: 1
              Finished: 0
    Client Application: 0
    Server Application: 3
                 Alert: 0
  Unrecognized records: 0
  Completed handshakes: 0
        Bad handshakes: 0
      Sessions ignored: 3
    Detection disabled: 0
===============================================================================
SIP Preprocessor Statistics
  Total sessions: 0
===============================================================================
Reputation Preprocessor Statistics
  Total Memory Allocated: 0
===============================================================================
Snort exiting



On Tue, Jul 10, 2012 at 3:48 PM, Edward Fjellskål <edwardfjellskaal () gmail com> wrote:

On 07/10/2012 12:02 PM, Pratik Narang wrote:

Dear Snort users,

I could not get any useful answer for this query of mine mailed a few
days back, so I decided to write back here again with proper details...
Snort is running fine as a network sniffer.


If you paste the output of snort when you "kill" it, it will say something
about what it saw of packets etc on the wire.

(I did not read the whole mail, just a quick answer)

E


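As an added example (not part of this thread, and not Snort's own code): a small Python parser for the kind of exit summary pasted above, with a few heuristic checks a practitioner runs before asking why a sniffing Snort shows zero alerts. The sample summary embedded in the script is a constructed, abridged copy of the format above; the thresholds and the reading of each counter are this example's assumptions, except for one fact worth knowing: Snort by default does not run detection on packets that fail checksum verification, and NIC checksum offloading on the sensor host is the common reason a large share of locally generated packets show up under "Bad Chk Sum".

```python
"""Parse a Snort 2.9 exit summary and flag common reasons for a zero-alert run."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed, abridged excerpt in the same layout as a Snort 2.9 exit summary.
# The values are sample values, not a capture from any real sensor.
SAMPLE_SUMMARY = """\
Run time for packet processing was 12.2504 seconds
Snort processed 121 packets.
===============================================================================
Packet I/O Totals:
   Received:          121
   Analyzed:          121 (100.000%)
    Dropped:            0 (  0.000%)
   Filtered:            0 (  0.000%)
===============================================================================
Breakdown by protocol (includes rebuilt packets):
        Eth:          121 (100.000%)
        IP4:          106 ( 87.603%)
        TCP:          102 ( 84.298%)
All Discard:            0 (  0.000%)
Bad Chk Sum:           54 ( 44.628%)
      Total:          121
===============================================================================
Action Stats:
     Alerts:            0 (  0.000%)
     Logged:            0 (  0.000%)
Verdicts:
      Allow:           77 ( 63.636%)
  Whitelist:           44 ( 36.364%)
===============================================================================
SSL Preprocessor:
   SSL packets decoded: 4
       Sessions ignored: 3
"""

# "   Label:   123 ( 45.678%)"  ->  label, count, optional percentage
COUNT_RE = re.compile(r"^\s*(.+?)\s*:\s+(\d+)(?:\s*\(\s*([\d.]+)%\))?\s*$")
# A non-indented line with no digits ("Action Stats:", "SSL Preprocessor:") starts a section.
HEADER_RE = re.compile(r"^([A-Za-z][^\d]*?):?\s*$")

Stats = Dict[Tuple[str, str], Tuple[int, Optional[float]]]


def parse_summary(text: str) -> Stats:
    """Return {(section, label): (count, percent_or_None)}.

    Labels such as 'Alerts', 'Dropped' and 'Total sessions' repeat across
    sections, so every counter is keyed by the section header it sits under.
    """
    stats: Stats = {}
    section = ""
    for line in text.splitlines():
        if line.startswith("==="):
            continue
        m = COUNT_RE.match(line)
        if m:
            pct = float(m.group(3)) if m.group(3) else None
            stats[(section, m.group(1))] = (int(m.group(2)), pct)
            continue
        h = HEADER_RE.match(line)
        if h and not line[:1].isspace():
            section = h.group(1).strip()
    return stats


def get(stats: Stats, section_prefix: str, label: str) -> Optional[Tuple[int, Optional[float]]]:
    """Look up `label` under the first section whose name starts with `section_prefix`."""
    for (sec, lab), value in stats.items():
        if sec.startswith(section_prefix) and lab == label:
            return value
    return None


def diagnose(stats: Stats, bad_csum_threshold: float = 10.0, whitelist_threshold: float = 25.0) -> List[str]:
    """Heuristic checks for a zero-alert run. Both thresholds are assumptions, not Snort defaults."""
    findings: List[str] = []
    received = get(stats, "Packet I/O", "Received")
    if received is None or received[0] == 0:
        findings.append("no packets received: check the -i interface and any BPF filter")
        return findings
    dropped = get(stats, "Packet I/O", "Dropped")
    if dropped and dropped[0] > 0:
        findings.append(f"{dropped[0]} packets dropped by the DAQ before analysis")
    bad = get(stats, "Breakdown", "Bad Chk Sum")
    if bad and bad[1] is not None and bad[1] > bad_csum_threshold:
        findings.append(
            f"{bad[1]:.1f}% of packets failed checksum verification; Snort does not run "
            "detection on them (see 'config checksum_mode'); NIC checksum offloading on "
            "the sensor host is the usual cause")
    alerts = get(stats, "Action Stats", "Alerts")
    if alerts and alerts[0] == 0:
        findings.append("0 alerts: confirm rules were loaded (-c snort.conf) and an "
                        "alert output is configured (e.g. -A console)")
    wl = get(stats, "Verdicts", "Whitelist")
    if wl and wl[1] is not None and wl[1] > whitelist_threshold:
        findings.append(f"{wl[1]:.1f}% Whitelist verdicts: Snort stopped inspecting those "
                        "flows (for example encrypted SSL sessions after the handshake)")
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_summary(SAMPLE_SUMMARY)):
        print("-", finding)
```

Paste a real exit summary in place of SAMPLE_SUMMARY (or read it from a file) and the same checks apply; the checksum finding is the one to resolve first when Snort runs on the host that generates the traffic.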

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
