Snort mailing list archives
Re: Wireless
From: "Al Lewis (allewi) via Snort-users" <snort-users () lists snort org>
Date: Thu, 29 Mar 2018 14:30:41 +0000
Run snort -? in order to see the correct options.
Please use “-i” to specify the interface. (There isn’t a -w.)
USAGE: /var/tmp/snort-2.9.11/bin/snort [-options] <filter options>
Options:
-A Set alert mode: fast, full, console, test or none (alert file alerts only)
"unsock" enables UNIX socket logging (experimental).
-b Log packets in tcpdump format (much faster!)
-B <mask> Obfuscated IP addresses in alerts and packet dumps using CIDR mask
-c <rules> Use Rules File <rules>
-C Print out payloads with character data only (no hex)
-d Dump the Application Layer
-D Run Snort in background (daemon) mode
-e Display the second layer header info
-f Turn off fflush() calls after binary log writes
-F <bpf> Read BPF filters from file <bpf>
-g <gname> Run snort gid as <gname> group (or gid) after initialization
-G <0xid> Log Identifier (to uniquely id events for multiple snorts)
-h <hn> Set home network = <hn>
(for use with -l or -B, does NOT change $HOME_NET in IDS mode)
-H Make hash tables deterministic.
-i <if> Listen on interface <if>
-I Add Interface name to alert output
-k <mode> Checksum mode (all,noip,notcp,noudp,noicmp,none)
-K <mode> Logging mode (pcap[default],ascii,none)
-l <ld> Log to directory <ld>
-L <file> Log to this tcpdump file
-M Log messages to syslog (not alerts)
-m <umask> Set umask = <umask>
-n <cnt> Exit after receiving <cnt> packets
-N Turn off logging (alerts still work)
-O Obfuscate the logged IP addresses
-p Disable promiscuous mode sniffing
-P <snap> Set explicit snaplen of packet (default: 1514)
-q Quiet. Don't show banner and status report
-Q Enable inline mode operation.
-r <tf> Read and process tcpdump file <tf>
-R <id> Include 'id' in snort_intf<id>.pid file name
-s Log alert messages to syslog
-S <n=v> Set rules file variable n equal to value v
-t <dir> Chroots process to <dir> after initialization
-T Test and report on the current Snort configuration
-u <uname> Run snort uid as <uname> user (or uid) after initialization
-U Use UTC for timestamps
-v Be verbose
-V Show version number
-X Dump the raw packet data starting at the link layer
-x Exit if Snort configuration problems occur
-y Include year in timestamp in the alert and log files
-Z <file> Set the performonitor preprocessor file path and name
-? Show this information
Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com
From: Kristoffer Ytterbø Sture <kristure1993 () gmail com>
Date: Thursday, March 29, 2018 at 10:09 AM
To: "Al Lewis (allewi)" <allewi () cisco com>
Cc: "snort-users () lists snort org" <snort-users () lists snort org>
Subject: Re: [Snort-users] Wireless
I am using snort -W and my wlan interface doesn't show up
On Thu, 29 Mar 2018 at 16:04, Al Lewis (allewi) <allewi () cisco com> wrote:
What command are you using to start snort? What error are you seeing?
Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com
From: Kristoffer Ytterbø Sture <kristure1993 () gmail com>
Date: Thursday, March 29, 2018 at 9:50 AM
To: "Al Lewis (allewi)" <allewi () cisco com>
Cc: "snort-users () lists snort org" <snort-users () lists snort org>
Subject: Re: [Snort-users] Wireless
It can't find my wireless adaptor
On Thu, 29 Mar 2018 at 15:44, Al Lewis (allewi) <allewi () cisco com> wrote:
Hello
Can you define what you mean by “work with wireless”? Snort can inspect/decode wireless network traffic.
Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com
From: Snort-users <snort-users-bounces () lists snort org> on behalf of Kristoffer Ytterbø Sture via Snort-users <snort-users () lists snort org>
Reply-To: Kristoffer Ytterbø Sture <kristure1993 () gmail com>
Date: Thursday, March 29, 2018 at 9:39 AM
To: "snort-users () lists snort org" <snort-users () lists snort org>
Subject: [Snort-users] Wireless
What tool is best for getting snort to work with wireless?
