Snort mailing list archives
Re: rules file doesn't work properly, no DoS or portscan detected...
From: waldo kitty <wkitty42 () windstream net>
Date: Sat, 25 May 2013 17:01:49 -0400
On 5/25/2013 16:30, Gijs van der Velden wrote:
There is only one interface on the system so I left it as not set, but when I set it the same thing happens.
i've always been under the impression that one should always supply "-i interface"...
I don't get it since snort is actually capturing packets as well, but maybe its only capturing outgoing packets?
weird... what interface does it say it is using? you should be able to find that in the log...
> Date: Sat, 25 May 2013 10:00:58 -0400 > From: wkitty42 () windstream net > To: snort-users () lists sourceforge net > Subject: Re: [Snort-users] rules file doesn't work properly, no DoS or portscan detected... > > On 5/25/2013 08:42, Gijs van der Velden wrote: > > I just started snort with: > > > > snort -c D:\Snort\etc\snort.conf -l D:\Snort\log -T –daq pcap > > > > And it came up with the error active response: can't open ip! > > Maybe this is the cause of the problem? > > what interface are you trying to have snort watch?
-- NOTE: No off-list assistance is given without prior approval. Please keep mailing list traffic on the list unless private contact is specifically requested and granted. ------------------------------------------------------------------------------ Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- rules file doesn't work properly, no DoS or portscan detected... Gijs van der Velden (May 24)
- Re: rules file doesn't work properly, no DoS or portscan detected... Joel Esler (May 24)
- Message not available
- Re: rules file doesn't work properly, no DoS or portscan detected... Gijs van der Velden (May 24)
- Re: rules file doesn't work properly, no DoS or portscan detected... Gijs van der Velden (May 25)
- Re: rules file doesn't work properly, no DoS or portscan detected... waldo kitty (May 25)
- Re: rules file doesn't work properly, no DoS or portscan detected... Gijs van der Velden (May 25)
- Re: rules file doesn't work properly, no DoS or portscan detected... waldo kitty (May 25)
- Re: rules file doesn't work properly, no DoS or portscan detected... Joel Esler (May 25)
- Re: rules file doesn't work properly, no DoS or portscan detected... Gijs van der Velden (May 26)
- Re: rules file doesn't work properly, no DoS or portscan detected... waldo kitty (May 26)
- Re: rules file doesn't work properly, no DoS or portscan detected... Gijs van der Velden (May 26)
- Re: rules file doesn't work properly, no DoS or portscan detected... Michael Steele (May 26)
- Message not available
- Re: rules file doesn't work properly, no DoS or portscan detected... Michael Steele (May 26)
- Re: rules file doesn't work properly, no DoS or portscan detected... Joel Esler (May 24)
- Re: rules file doesn't work properly, no DoS or portscan detected... Michael Steele (May 26)
- Re: rules file doesn't work properly, no DoS or portscan detected... Gijs van der Velden (Jun 19)