Snort mailing list archives
Re: rules file doesn't work properly, no DoS or portscan detected...
From: waldo kitty <wkitty42 () windstream net>
Date: Sat, 25 May 2013 17:01:49 -0400
On 5/25/2013 16:30, Gijs van der Velden wrote:
There is only one interface on the system so I left it as not set, but when I set it the same thing happens.
i've always been under the impression that one should always supply "-i interface"...
I don't get it since snort is actually capturing packets as well, but maybe its only capturing outgoing packets?
weird... what interface does it say it is using? you should be able to find that in the log...
> Date: Sat, 25 May 2013 10:00:58 -0400 > From: wkitty42 () windstream net > To: snort-users () lists sourceforge net > Subject: Re: [Snort-users] rules file doesn't work properly, no DoS or portscan detected... > > On 5/25/2013 08:42, Gijs van der Velden wrote: > > I just started snort with: > > > > snort -c D:\Snort\etc\snort.conf -l D:\Snort\log -T –daq pcap > > > > And it came up with the error active response: can't open ip! > > Maybe this is the cause of the problem? > > what interface are you trying to have snort watch?
--
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- rules file doesn't work properly, no DoS or portscan detected... Gijs van der Velden (May 24)
- Re: rules file doesn't work properly, no DoS or portscan detected... Joel Esler (May 24)
- Message not available
- Re: rules file doesn't work properly, no DoS or portscan detected... Gijs van der Velden (May 24)
- Re: rules file doesn't work properly, no DoS or portscan detected... Gijs van der Velden (May 25)
- Re: rules file doesn't work properly, no DoS or portscan detected... waldo kitty (May 25)
- Re: rules file doesn't work properly, no DoS or portscan detected... Gijs van der Velden (May 25)
- Re: rules file doesn't work properly, no DoS or portscan detected... waldo kitty (May 25)
- Re: rules file doesn't work properly, no DoS or portscan detected... Joel Esler (May 25)
- Re: rules file doesn't work properly, no DoS or portscan detected... Gijs van der Velden (May 26)
- Re: rules file doesn't work properly, no DoS or portscan detected... waldo kitty (May 26)
- Re: rules file doesn't work properly, no DoS or portscan detected... Gijs van der Velden (May 26)
- Re: rules file doesn't work properly, no DoS or portscan detected... Michael Steele (May 26)
- Message not available
- Re: rules file doesn't work properly, no DoS or portscan detected... Michael Steele (May 26)
- Re: rules file doesn't work properly, no DoS or portscan detected... Joel Esler (May 24)
- Re: rules file doesn't work properly, no DoS or portscan detected... Michael Steele (May 26)
- Re: rules file doesn't work properly, no DoS or portscan detected... Gijs van der Velden (Jun 19)