Snort mailing list archives

Re: Snort 3 Config File Question (3)


From: Jim Campbell <jim () w4bqp net>
Date: Mon, 24 Jul 2017 20:50:17 -0400

Problems. While Snort is happy with the new Rules file, it is also keeping me from doing anything useful on the internet. Also, the packets it is logging to the Unified2 log are strange. For example:

(Event)
sensor id: 0 event id: 133 event second: 1500926568 event microsecond: 248613
        sig id: 412     gen id: 116     revision: 1 classification: 29
priority: 3 ip source: 0.0.0.0 ip destination: 255.255.255.255 src port: 68 dest port: 67 ip_proto: 17 impact_flag: 0 blocked: 0
        mpls label: 0   vlan id: 0      policy id: 0    appid:

Packet
        sensor id: 0    event id: 133   event second: 1500926568
        packet second: 1500926568       packet microsecond: 248613
        linktype: 1     packet_length: 342
[    0] FF FF FF FF FF FF B0 7F B9 1A 2E FF 08 00 45 10 ..............E.
[   16] 01 48 00 00 00 00 80 11 39 96 00 00 00 00 FF FF .H......9.......
[   32] FF FF 00 44 00 43 01 34 6B 20 01 01 06 00 83 96  ...D.C.4k ......
[   48] 56 5B 00 16 00 00 00 00 00 00 00 00 00 00 00 00 V[..............
[   64] 00 00 00 00 00 00 B0 7F B9 1A 2E FF 00 00 00 00 ................
[   80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[   96] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  112] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  128] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  144] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  176] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  192] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  208] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  224] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  256] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  272] 00 00 00 00 00 00 63 82 53 63 35 01 01 37 07 01 ......c.Sc5..7..
[  288] 1C 02 03 0F 06 0C FF 00 00 00 00 00 00 00 00 00 ................
[  304] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  336] 00 00 00 00 00 00                                ......

I'm not accustomed to this format, and my Ethernet tap is broken. Until I get the parts I have on order to build a new tap so I can get Wireshark on the job, I'm going to have to work on other things. Once I have the new tap built I will put Snort back online and share what I find.

Jim

--
"We are not human beings having a spiritual experience;
we are spiritual beings having a human experience."
---Pierre Teilhard de Chardin

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
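The frame in the dump above is not exotic: it decodes as a plain DHCP Discover, an unconfigured client (source 0.0.0.0, UDP port 68) broadcasting to 255.255.255.255 port 67, which is exactly the 5-tuple the unified2 event header records. The script below is an added example, not part of the post and not Snort or u2spewfoo code. It rebuilds the raw bytes from the `[offset] hex  ascii` text as posted (the only input is that dump, copied verbatim), walks Ethernet II, IPv4, UDP and the BOOTP/DHCP header by hand, verifies the IPv4 header checksum, and parses the option TLVs, so the packet can be read without waiting for a tap and Wireshark.

```python
import re
import struct

# The unified2 packet dump from the post above, pasted verbatim as the sample
# input; nothing here was captured separately for this example.
DUMP = """\
[    0] FF FF FF FF FF FF B0 7F B9 1A 2E FF 08 00 45 10 ..............E.
[   16] 01 48 00 00 00 00 80 11 39 96 00 00 00 00 FF FF .H......9.......
[   32] FF FF 00 44 00 43 01 34 6B 20 01 01 06 00 83 96  ...D.C.4k ......
[   48] 56 5B 00 16 00 00 00 00 00 00 00 00 00 00 00 00 V[..............
[   64] 00 00 00 00 00 00 B0 7F B9 1A 2E FF 00 00 00 00 ................
[   80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[   96] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  112] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  128] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  144] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  176] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  192] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  208] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  224] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  256] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  272] 00 00 00 00 00 00 63 82 53 63 35 01 01 37 07 01 ......c.Sc5..7..
[  288] 1C 02 03 0F 06 0C FF 00 00 00 00 00 00 00 00 00 ................
[  304] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[  336] 00 00 00 00 00 00                                ......
"""

# "[offset]" followed by up to 16 two-digit hex bytes; the ASCII column never
# matches because it is not whitespace-separated hex pairs.
HEX_LINE = re.compile(r"^\[\s*(\d+)\]((?:\s[0-9A-F]{2}){1,16})")


def parse_dump(text: str) -> bytes:
    """Rebuild the raw frame from the dump, checking that each line's offset
    continues where the previous line stopped (catches a mis-parsed line)."""
    frame = bytearray()
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if not m:
            continue
        if int(m.group(1)) != len(frame):
            raise ValueError(f"offset {m.group(1)} does not follow byte {len(frame)}")
        frame += bytes.fromhex(m.group(2).replace(" ", ""))
    return bytes(frame)


def ip4(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the IPv4 header (even length by
    construction); returns 0 when the embedded checksum field is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


DHCP_MSG = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
            5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


def decode_dhcp(payload: bytes) -> dict:
    """Fixed BOOTP header (RFC 2131 section 2) followed by the option TLVs."""
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    d = {"op": op, "xid": xid, "secs": secs, "flags": flags,
         "ciaddr": ip4(payload[12:16]), "yiaddr": ip4(payload[16:20]),
         "chaddr": mac(payload[28:28 + hlen]), "options": {}}
    if payload[236:240] != b"\x63\x82\x53\x63":      # options are only valid after the magic cookie
        d["error"] = "no DHCP magic cookie"
        return d
    i = 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        d["options"][code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    mt = d["options"].get(53)                        # option 53 = DHCP message type
    d["message_type"] = DHCP_MSG.get(mt[0], f"unknown({mt[0]})") if mt else None
    return d


def decode_frame(frame: bytes) -> dict:
    """Ethernet II -> IPv4 -> UDP -> DHCP; returns the fields worth comparing
    against the unified2 event header (addresses, ports, protocol)."""
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"eth_dst": mac(eth_dst), "eth_src": mac(eth_src), "ethertype": ethertype}
    if ethertype != 0x0800:
        return info
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    info.update(ip_src=ip4(ip[12:16]), ip_dst=ip4(ip[16:20]), ttl=ip[8], proto=ip[9],
                ip_total_length=total_len, ip_checksum_ok=ip_checksum(ip[:ihl]) == 0,
                trailer_bytes=len(frame) - 14 - total_len)   # bytes past the IP datagram
    if ip[9] != 17:
        return info
    sport, dport, ulen, _ = struct.unpack("!HHHH", ip[ihl:ihl + 8])
    info.update(sport=sport, dport=dport, udp_length=ulen)
    if {sport, dport} & {67, 68}:                    # BOOTP/DHCP server and client ports
        info["dhcp"] = decode_dhcp(ip[ihl + 8:ihl + ulen])
    return info


if __name__ == "__main__":
    s = decode_frame(parse_dump(DUMP))
    print(f"{s['ip_src']}:{s['sport']} -> {s['ip_dst']}:{s['dport']} udp, "
          f"DHCP {s['dhcp']['message_type']} from {s['dhcp']['chaddr']}")
```

The decode agrees with the event header line for line (0.0.0.0:68 to 255.255.255.255:67, ip_proto 17), the IPv4 checksum 0x3996 verifies, and the option list is message type 1 (DISCOVER) plus a parameter request list for subnet mask, broadcast, time offset, router, domain name, DNS and host name. What it does not tell you is why gid 116 sid 412 fired; it only shows that the packet Snort logged is a well-formed client DHCP Discover rather than corrupted output.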

