Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Stuck at Commencing Packet Processing

From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Mon, 16 Feb 2015 23:44:01 +0000
Try running snort with the  “–Acmg –k none “  added to see if you get some ouput.

Remove the logging and see if that helps.



Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

From: Lena Okanovic [mailto:lokanovic () flightapps com]
Sent: Monday, February 16, 2015 6:38 PM
To: Al Lewis (allewi)
Cc: snort-users () lists sourceforge net
Subject: Re: Stuck at Commencing Packet Processing


​this is what I see when I hit ctrl-C

[cid:image003.png@01D04A18.7F02B9E0]



How do I put the interface in promiscuous mode? After adding the network adapter, I went ahead and unchecked all of the 
option boxes under it's properties so it's not interfering with capture of the traffic.

I did a quick WinDump and it's capturing the traffic on interface 2. However, i'm having same issues with on Snort with 
int 1 or 2 or 3.



Thank you,



Lena Okanovic

lokanovic () flightapps com<mailto:lokanovic () flightapps com>

925-818-9142[Image removed by sender.]

________________________________
From: Al Lewis (allewi) <allewi () cisco com>
Sent: Monday, February 16, 2015 1:51 PM
To: Lena Okanovic
Cc: snort-users () lists sourceforge net
Subject: RE: Stuck at Commencing Packet Processing

Hello Lena,

                What are you getting in the snort exit stats?

Are you sure that traffic is hitting the sniffing interface?
Is the interface in promiscuous mode?
Can you capture traffic off of that same interface with say tcpdump/wireshark running?

Hope this helps!

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112[Image removed by sender.]
Email: allewi () cisco com

From: Lena Okanovic [mailto:lokanovic () flightapps com]
Sent: Monday, February 16, 2015 2:04 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Stuck at Commencing Packet Processing


​Hello,

I am new to Snort. I just recently downloaded and installed it on Windows 2008 box. I got the WinPcap and rules 
installed per instructions found on the internet. I also configured the snort.conf file to use Snort as IDS. Testing 
results come back without any errors. However, when I execute snort.exe -i1 -s -l C:\snort\log\ -c 
C:\Snort\etc\snort.conf I get no log created and the cmd prompt is stuck at Commencing Packet Processing

[cid:image004.png@01D04A18.7F02B9E0]



I also chose Interface 1 because of my configuration. 1 and 2 have no IP and 3 is my management interface with IP 
settings assigned.

[cid:image005.png@01D04A18.7F02B9E0]



What am I doing wrong? Oh, also, in the config file I left 'any' for the HOME_NET address.



Thank you!














------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: