Re: snort inline problem

[James Lay <jlay () slave-tothe-box net>]

On 2016-10-20 03:40, mostafa ammar wrote:
> Dear Jays ,
>
> Thanks for your reply to my problem, I installed snort as a VM on
> xenserver , it is connecting between 2 other VMs every machine , ping
> is working successfully but any other protocol is not running, I
> adjusted the snort.conf file and added
>
> running the check command
> snort --daq-list
> Available DAQ modules:
> pcap(v3): readback live multi unpriv
> nfq(v7): live inline multi
> ipfw(v3): live inline multi unpriv
> dump(v3): readback live inline multi unpriv
> afpacket(v5): live inline multi unpriv
>
> to run snort inline I use the following command
>  sudo snort -A console -Q -c /etc/snort/snort.conf -i eth3:eth2 -N
>
> ping is working fine but any other protocols are not running ,I
> disabled normalization for several protocols.
> #preprocessor normalize_ip4
> #preprocessor normalize_tcp: block, rsv, pad, urp, req_urg, req_pay,
> req_urp, ips, ecn stream
> #preprocessor normalize_icmp4
> #preprocessor normalize_ip6
> #preprocessor normalize_icmp6
>
> Thanks for your help.
>
> NB: I used to work on google groups I can reply to mail threads , now
> I dont have any notification of emails of reply to my email and I dont
> know how to reply to mail threads

Don't forget your afpacket line:

sudo snort -A console -Q -c /etc/snort/snort.conf --daq afpacket -i 
eth3:eth2 -N

James

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!