Snort mailing list archives

a few questions...


From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 05 Jul 2013 17:56:59 -0400


in response to another's query about how to compile the so dynamic rules, i set off to test my theory and understanding... i completed my task and have an executable snort 2.9.5 with what appears to be compiled so dynamic rules from snapshot-2.9.4.6...

this snort was compiled "straight"... in other words, nothing fancy... only the following...

./configure
make
make install

so there's a bit of background... if it is not complete enough, please ask me for additional information... now to my couple of questions...

1. i do have 14 compiled so dynamic rules files in my lib directory. snort does recognize them and appears to load them as can be seen in the execution output attached below. the question is why does snort report "0 Dynamic rules" when it is initializing the rule chains? there /are/ 72 rules stubs in the so_rules directory and they were created from the compiled rules by snort's --dump-dynamic-rules option... did i miss a change in the so_rules/src/Makefile other than changing the SNORT_VERSION entry?

2. when i terminate snort, the "Packet I/O Totals" count of processed doesn't make sense. it says 4054 received and analyzed but the "Breakdown by protocol" says there were 4057. where did the extra three packets come from? it also reports 125 "Other" packets. how can i find out what they are or were?

all the output from the execution is attached below (snort_execution.txt) and my snort.conf is attached after that (snort_conf.txt)...



--
NOTE: No off-list assistance is given without prior approval.
      Please keep mailing list traffic on the list unless
      private contact is specifically requested and granted.

Attachment: snort_execution.txt

Attachment: snort_conf.txt
