Snort mailing list archives

Re: DPX Output Verification


From: Amtul Saboor <saboor.amtul () gmail com>
Date: Sat, 14 Dec 2013 12:35:26 +0500

The reason that I think I am not doing it correctly is that in the README
file in the SRC directory of DPX, the following lines are written:

"Test output:

dpx.c:86: registered
dpx.c:123: pod[0](test/snort.conf:3): port = 8
dpx.c:159: pod[0]: initialized
dpx.c:123: pod[1](test/10.1.conf:2): port = 80
dpx.c:159: pod[1]: initialized
dpx.c:186: pod[1]: src = 12345, dst = 8
dpx.c:186: pod[1]: src = 8, dst = 12345
dpx.c:186: pod[1]: src = 12345, dst = 80
3       256     2       0
dpx.c:186: pod[0]: src = 12345, dst = 8
4       256     2       0
dpx.c:186: pod[0]: src = 8, dst = 12345
5       256     1       0
dpx.c:186: pod[0]: src = 12345, dst = 80"

How can I get this output? I certainly do not get this output when I run the
test.sh file (the output is displayed in the previous message). So what
could the possible issues be?

Any help would be appreciated.

Thanks and regards


On Wed, Nov 27, 2013 at 10:16 PM, Amtul Saboor <saboor.amtul () gmail com> wrote:

Hello,

I need to verify if I am doing it correctly, because I don't think dpx.c is
running the way it should. This is my output when I type ./test.sh:


root@bt:/usr/src/dpx-1.6# cd /usr/src/dp
root@bt:/usr/src/dp# ./test.sh
./setup.sh: line 1: /root/snort: is a directory
Running in IDS mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "test/snort.conf"
Tagged Packet Limit: 256
Loading all dynamic preprocessor libs from lib/snort_dynamicpreprocessor...
  Loading dynamic preprocessor library lib/snort_dynamicpreprocessor/libdpx.so... done
  Finished Loading all dynamic preprocessor libs from lib/snort_dynamicpreprocessor
Log directory = /var/log/snort

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
4 Snort rules read
    4 detection rules
    0 decoder rules
    0 preprocessor rules
2 Option Chains linked into 2 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

+-------------------[Rule Port Counts]---------------------------------------
|             tcp     udp    icmp      ip
|     src       0       0       0       0
|     dst       0       0       0       0
|     any       4       0       0       0
|      nc       4       0       0       0
|     s+d       0       0       0       0

+----------------------------------------------------------------------------


+-----------------------[detection-filter-config]------------------------------
| memory-cap : 1048576 bytes

+-----------------------[detection-filter-rules]-------------------------------
| none

-------------------------------------------------------------------------------


+-----------------------[rate-filter-config]-----------------------------------
| memory-cap : 1048576 bytes

+-----------------------[rate-filter-rules]------------------------------------
| none

-------------------------------------------------------------------------------


+-----------------------[event-filter-config]----------------------------------
| memory-cap : 1048576 bytes

+-----------------------[event-filter-global]----------------------------------

+-----------------------[event-filter-local]-----------------------------------
| none

+-----------------------[suppression]------------------------------------------
| none

-------------------------------------------------------------------------------
Rule application order:
activation->dynamic->pass->drop->sdrop->reject->alert->log
Verifying Preprocessor Configurations!

[ Port Based Pattern Matching Memory ]
pcap DAQ configured to read-file.
The DAQ version does not support reload.
Acquiring network traffic from "test/test.pcap".
Reload thread starting...
Reload thread started, thread 0xb6997b70 (1754)

        --== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.5.5 GRE (Build 205)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.0.0
           Using PCRE version: 7.8 2008-09-05
           Using ZLIB version: 1.2.3.3

           Preprocessor Object: dpx  Version 1.6  <Build 1>
Commencing packet processing (pid=1753)
3    256    2    0
4    256    2    0
5    256    1    0

===============================================================================
Run time for packet processing was 0.994 seconds
Snort processed 6 packets.
Snort ran for 0 days 0 hours 0 minutes 0 seconds
   Pkts/sec:            6

===============================================================================
Packet I/O Totals:
   Received:            6
   Analyzed:            6 (100.000%)
    Dropped:            0 (  0.000%)
   Filtered:            0 (  0.000%)
Outstanding:            0 (  0.000%)
   Injected:            0

===============================================================================
Breakdown by protocol (includes rebuilt packets):
        Eth:            6 (100.000%)
       VLAN:            0 (  0.000%)
        IP4:            6 (100.000%)
       Frag:            0 (  0.000%)
       ICMP:            0 (  0.000%)
        UDP:            0 (  0.000%)
        TCP:            6 (100.000%)
        IP6:            0 (  0.000%)
    IP6 Ext:            0 (  0.000%)
   IP6 Opts:            0 (  0.000%)
      Frag6:            0 (  0.000%)
      ICMP6:            0 (  0.000%)
       UDP6:            0 (  0.000%)
       TCP6:            0 (  0.000%)
     Teredo:            0 (  0.000%)
    ICMP-IP:            0 (  0.000%)
    IP4/IP4:            0 (  0.000%)
    IP4/IP6:            0 (  0.000%)
    IP6/IP4:            0 (  0.000%)
    IP6/IP6:            0 (  0.000%)
        GRE:            0 (  0.000%)
    GRE Eth:            0 (  0.000%)
   GRE VLAN:            0 (  0.000%)
    GRE IP4:            0 (  0.000%)
    GRE IP6:            0 (  0.000%)
GRE IP6 Ext:            0 (  0.000%)
   GRE PPTP:            0 (  0.000%)
    GRE ARP:            0 (  0.000%)
    GRE IPX:            0 (  0.000%)
   GRE Loop:            0 (  0.000%)
       MPLS:            0 (  0.000%)
        ARP:            0 (  0.000%)
        IPX:            0 (  0.000%)
   Eth Loop:            0 (  0.000%)
   Eth Disc:            0 (  0.000%)
   IP4 Disc:            0 (  0.000%)
   IP6 Disc:            0 (  0.000%)
   TCP Disc:            0 (  0.000%)
   UDP Disc:            0 (  0.000%)
  ICMP Disc:            0 (  0.000%)
All Discard:            0 (  0.000%)
      Other:            0 (  0.000%)
Bad Chk Sum:            0 (  0.000%)
    Bad TTL:            0 (  0.000%)
     S5 G 1:            0 (  0.000%)
     S5 G 2:            0 (  0.000%)
      Total:            6

===============================================================================
Action Stats:
     Alerts:            3 ( 50.000%)
     Logged:            3 ( 50.000%)
     Passed:            0 (  0.000%)
Limits:
      Match:            0
      Queue:            0
        Log:            0
      Event:            0
      Alert:            0
Verdicts:
      Allow:            6 (100.000%)
      Block:            0 (  0.000%)
    Replace:            0 (  0.000%)
  Whitelist:            0 (  0.000%)
  Blacklist:            0 (  0.000%)
     Ignore:            0 (  0.000%)
=============================
Snort exiting


Regards
--

Amtul
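The two messages above quote the README's expected test output and the output of an actual run, and the question is which parts differ. The script below is an added example, not part of the thread and not from the Snort DPX sources: it takes both outputs (constructed here from the lines quoted in the thread), normalizes whitespace so that the tab-separated counter lines in the README and the space-separated ones Snort printed compare equal, and then reports which expected lines are missing, separating lines prefixed with a source file and line number (the `dpx.c:NN:` lines) from everything else. The function and variable names are the example's own.

```python
"""Compare the DPX README's expected test output against a captured Snort run.

Added example, not code from the mailing-list thread or from Snort/DPX.
Both inputs below are constructed from the lines quoted in the thread.
"""
import re

# Expected output as quoted from the DPX README in the thread (constructed;
# the README separates the counter columns with tabs).
EXPECTED = """\
dpx.c:86: registered
dpx.c:123: pod[0](test/snort.conf:3): port = 8
dpx.c:159: pod[0]: initialized
dpx.c:123: pod[1](test/10.1.conf:2): port = 80
dpx.c:159: pod[1]: initialized
dpx.c:186: pod[1]: src = 12345, dst = 8
dpx.c:186: pod[1]: src = 8, dst = 12345
dpx.c:186: pod[1]: src = 12345, dst = 80
3\t256\t2\t0
dpx.c:186: pod[0]: src = 12345, dst = 8
4\t256\t2\t0
dpx.c:186: pod[0]: src = 8, dst = 12345
5\t256\t1\t0
dpx.c:186: pod[0]: src = 12345, dst = 80
"""

# The packet-processing part of the actual run quoted in the second message
# (constructed; Snort's own banner and summary lines are left in on purpose,
# since a real capture would contain them too).
ACTUAL = """\
Commencing packet processing (pid=1753)
3    256    2    0
4    256    2    0
5    256    1    0

===============================================================================
Run time for packet processing was 0.994 seconds
"""

# Lines of the form "dpx.c:<number>:" carry a source location prefix.
TRACE_LINE = re.compile(r"^dpx\.c:\d+:")


def normalize(line):
    """Collapse runs of tabs/spaces so layout differences do not count."""
    return " ".join(line.split())


def compare_outputs(expected, actual):
    """Return which expected lines were found and which are missing.

    Missing lines are split into source-location trace lines and the rest,
    because the two kinds point at different causes.
    """
    exp = [normalize(l) for l in expected.splitlines() if l.strip()]
    act = [normalize(l) for l in actual.splitlines() if l.strip()]
    found = set(act)
    present = [l for l in exp if l in found]
    missing = [l for l in exp if l not in found]
    # Expected lines that are present must also appear in the expected order.
    order_ok = [l for l in act if l in set(present)] == present
    return {
        "present": present,
        "missing_trace": [l for l in missing if TRACE_LINE.match(l)],
        "missing_other": [l for l in missing if not TRACE_LINE.match(l)],
        "order_ok": order_ok,
    }


def diagnose(expected, actual):
    """One-line verdict on how the captured run relates to the README."""
    r = compare_outputs(expected, actual)
    if r["missing_other"] or not r["order_ok"]:
        return "counter lines differ"
    if r["missing_trace"]:
        return "counter lines match; only dpx.c:NN trace lines are missing"
    return "output matches README"


if __name__ == "__main__":
    result = compare_outputs(EXPECTED, ACTUAL)
    print("present:      ", len(result["present"]))
    print("missing trace:", len(result["missing_trace"]))
    print("missing other:", len(result["missing_other"]))
    print("verdict:      ", diagnose(EXPECTED, ACTUAL))
```

For the two outputs quoted in this thread the verdict is that all three counter lines match once whitespace is normalized and every missing line is a `dpx.c:NN:` trace line. That narrows the question to why the build being run emits none of those trace lines, rather than to the preprocessor's packet handling itself; the same comparison can be rerun against any later capture by replacing `ACTUAL`.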



_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel