Snort mailing list archives

Re: snort using rpcap in windows


From: Eugene Grama <eugene.grama () gmail com>
Date: Tue, 17 Feb 2015 17:27:31 +0800

I tried to search on Google, but still with no luck, but I'm always bumping
into this file:

http://snort.sourcearchive.com/documentation/2.8.5.2/remote-ext_8h-source.html

http://snort.sourcearchive.com/documentation/2.8.5.2/group__remote__source__string.html

I'm not sure what this is for, and I cannot even locate this remote-exe.h
file on my machine (if this is a file).

Thank you and best regards,

eugene

On Tue, Feb 17, 2015 at 5:19 PM, Eugene Grama <eugene.grama () gmail com>
wrote:

Hello again,

I used this command, and it is working and collecting packets:

dumpcap -i rpcap://[xx.xx.xx.xx]:2002/\Device\NPF_{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} -w c:\dumpcap.log

I need this traffic to pass through Snort so that it will generate alerts.

How can this be done? Any advice?



Thank you and best regards,

eugene

On Tue, Feb 17, 2015 at 2:24 PM, Eugene Grama <eugene.grama () gmail com>
wrote:


Hello,


Can Snort run using rpcap? I'm trying this command, but it is not successful:

snort -c c:\Snort\etc\snort.conf -l c:\Snort\log --daq pcap --daq-mode inline -i rpcap://[xx.xxx.xxx.xx]:2002/\Device\NPF_{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx}

I run into this error:

ERROR:pcap does not support inline

When I run the command snort --daq-list, the result is:

Available DAQ modules:
pcap(v3): readback live multi unpriv

Please help, how can I connect and collect data to my remote machine
(Windows web server)?
--
Thank you and Best regards,

Eugene



