Snort mailing list archives
Re: Wireless
From: Kristoffer Ytterbø Sture via Snort-users <snort-users () lists snort org>
Date: Thu, 29 Mar 2018 14:42:18 +0000
Snort -W (capitalized) lists all the interfaces here. I will try however, but it seems like snort doesn't recognize my wlan adapter.

On Thu, 29 Mar 2018, 16:30, Al Lewis (allewi) <allewi () cisco com> wrote:

Run snort -? in order to see the correct options.

Please use “-i” to specify the interface. (there isn’t a -w)

USAGE: /var/tmp/snort-2.9.11/bin/snort [-options] <filter options>
Options:
        -A         Set alert mode: fast, full, console, test or none (alert file alerts only)
                   "unsock" enables UNIX socket logging (experimental).
        -b         Log packets in tcpdump format (much faster!)
        -B <mask>  Obfuscated IP addresses in alerts and packet dumps using CIDR mask
        -c <rules> Use Rules File <rules>
        -C         Print out payloads with character data only (no hex)
        -d         Dump the Application Layer
        -D         Run Snort in background (daemon) mode
        -e         Display the second layer header info
        -f         Turn off fflush() calls after binary log writes
        -F <bpf>   Read BPF filters from file <bpf>
        -g <gname> Run snort gid as <gname> group (or gid) after initialization
        -G <0xid>  Log Identifier (to uniquely id events for multiple snorts)
        -h <hn>    Set home network = <hn>
                   (for use with -l or -B, does NOT change $HOME_NET in IDS mode)
        -H         Make hash tables deterministic.
        -i <if>    Listen on interface <if>
        -I         Add Interface name to alert output
        -k <mode>  Checksum mode (all,noip,notcp,noudp,noicmp,none)
        -K <mode>  Logging mode (pcap[default],ascii,none)
        -l <ld>    Log to directory <ld>
        -L <file>  Log to this tcpdump file
        -M         Log messages to syslog (not alerts)
        -m <umask> Set umask = <umask>
        -n <cnt>   Exit after receiving <cnt> packets
        -N         Turn off logging (alerts still work)
        -O         Obfuscate the logged IP addresses
        -p         Disable promiscuous mode sniffing
        -P <snap>  Set explicit snaplen of packet (default: 1514)
        -q         Quiet. Don't show banner and status report
        -Q         Enable inline mode operation.
        -r <tf>    Read and process tcpdump file <tf>
        -R <id>    Include 'id' in snort_intf<id>.pid file name
        -s         Log alert messages to syslog
        -S <n=v>   Set rules file variable n equal to value v
        -t <dir>   Chroots process to <dir> after initialization
        -T         Test and report on the current Snort configuration
        -u <uname> Run snort uid as <uname> user (or uid) after initialization
        -U         Use UTC for timestamps
        -v         Be verbose
        -V         Show version number
        -X         Dump the raw packet data starting at the link layer
        -x         Exit if Snort configuration problems occur
        -y         Include year in timestamp in the alert and log files
        -Z <file>  Set the performonitor preprocessor file path and name
        -?         Show this information

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com

From: Kristoffer Ytterbø Sture <kristure1993 () gmail com>
Date: Thursday, March 29, 2018 at 10:09 AM
To: "Al Lewis (allewi)" <allewi () cisco com>
Cc: "snort-users () lists snort org" <snort-users () lists snort org>
Subject: Re: [Snort-users] Wireless

I am using snort -W and my wlan interface doesn't show up

On Thu, 29 Mar 2018, 16:04, Al Lewis (allewi) <allewi () cisco com> wrote:

What command are you using to start snort? What error are you seeing?

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com

From: Kristoffer Ytterbø Sture <kristure1993 () gmail com>
Date: Thursday, March 29, 2018 at 9:50 AM
To: "Al Lewis (allewi)" <allewi () cisco com>
Cc: "snort-users () lists snort org" <snort-users () lists snort org>
Subject: Re: [Snort-users] Wireless

It can't find my wireless adaptor

On Thu, 29 Mar 2018, 15:44, Al Lewis (allewi) <allewi () cisco com> wrote:

Hello

Can you define what you mean by “work with wireless”?

Snort can inspect/decode wireless network traffic.

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com

From: Snort-users <snort-users-bounces () lists snort org> on behalf of Kristoffer Ytterbø Sture via Snort-users <snort-users () lists snort org>
Reply-To: Kristoffer Ytterbø Sture <kristure1993 () gmail com>
Date: Thursday, March 29, 2018 at 9:39 AM
To: "snort-users () lists snort org" <snort-users () lists snort org>
Subject: [Snort-users] Wireless

What tool is best for getting snort to work with wireless?