Re: Stuck at Commencing Packet Processing

[Steve Gantz <stephen.gantz () faculty umuc edu>]

You won't get anything from Snort if you are listening on a disabled interface (which is what your screenshot shows for 
interfaces 1 and 2). Try starting Snort with -i 3 and see if the results are different. You might consider just 
directing output to the screen (with -A console) while you are testing and save the syslog output for later. Also, the 
command shell window isn't "stuck" - unless you direct output to the screen the commencing packet processing is the 
last thing you will see when you start Snort successfully. Your startup command uses the -s option so j assume you 
intend to sent alerts to a syslog server. 

Dr. Stephen D. Gantz, CISSP-ISSAP, CEH, CGEIT, CRISC, CIPP/G, C|CISO

Professor of Information Assurance

The Graduate School

University of Maryland University College

stephen.gantz () faculty umuc edu



> On Feb 16, 2015, at 2:04 PM, Lena Okanovic <lokanovic () flightapps com> wrote:
>
> ​Hello,
>
> I am new to Snort. I just recently downloaded and installed it on Windows 2008 box. I got the WinPcap and rules 
> installed per instructions found on the internet. I also configured the snort.conf file to use Snort as IDS. Testing 
> results come back without any errors. However, when I execute snort.exe -i1 -s -l C:\snort\log\ -c 
> C:\Snort\etc\snort.conf I get no log created and the cmd prompt is stuck at Commencing Packet Processing
>
> <pastedImage.png>
>
>
> I also chose Interface 1 because of my configuration. 1 and 2 have no IP and 3 is my management interface with IP 
> settings assigned.
>
> <pastedImage.png>
>
>
> What am I doing wrong? Oh, also, in the config file I left 'any' for the HOME_NET address.
>
>
> Thank you!
>
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!