Snort mailing list archives

Re: rules file doesn't work properly, no DoS or portscan detected...


From: Gijs van der Velden <gijsvandervelden () live nl>
Date: Sat, 25 May 2013 22:30:50 +0200

There is only one interface on the system so I left it as not set, but when I set it the same thing happens.

I don't get it since snort is actually capturing packets as well, but maybe it's only capturing outgoing packets?



Date: Sat, 25 May 2013 10:00:58 -0400
From: wkitty42 () windstream net
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] rules file doesn't work properly, no DoS or portscan detected...

On 5/25/2013 08:42, Gijs van der Velden wrote:
I just started snort with:

snort -c D:\Snort\etc\snort.conf -l D:\Snort\log -T --daq pcap

And it came up with the error active response: can't open ip!
Maybe this is the cause of the problem?

what interface are you trying to have snort watch?

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
                                          
