Snort mailing list archives

Re: Wireless


From: Kristoffer Ytterbø Sture via Snort-users <snort-users () lists snort org>
Date: Thu, 29 Mar 2018 14:42:18 +0000

Snort -W (capitalized) lists all the interfaces here. I will try however,
but it seems like snort doesn't recognize my wlan adapter.

On Thu, 29 Mar 2018, 16:30, Al Lewis (allewi) <allewi () cisco com> wrote:

Run snort -? in order to see the correct options.

Please use “-i” to specify the interface. (there isn’t a -w)

USAGE: /var/tmp/snort-2.9.11/bin/snort [-options] <filter options>
Options:
        -A         Set alert mode: fast, full, console, test or none (alert file alerts only)
                   "unsock" enables UNIX socket logging (experimental).
        -b         Log packets in tcpdump format (much faster!)
        -B <mask>  Obfuscated IP addresses in alerts and packet dumps using CIDR mask
        -c <rules> Use Rules File <rules>
        -C         Print out payloads with character data only (no hex)
        -d         Dump the Application Layer
        -D         Run Snort in background (daemon) mode
        -e         Display the second layer header info
        -f         Turn off fflush() calls after binary log writes
        -F <bpf>   Read BPF filters from file <bpf>
        -g <gname> Run snort gid as <gname> group (or gid) after initialization
        -G <0xid>  Log Identifier (to uniquely id events for multiple snorts)
        -h <hn>    Set home network = <hn>
                   (for use with -l or -B, does NOT change $HOME_NET in IDS mode)
        -H         Make hash tables deterministic.
        -i <if>    Listen on interface <if>
        -I         Add Interface name to alert output
        -k <mode>  Checksum mode (all,noip,notcp,noudp,noicmp,none)
        -K <mode>  Logging mode (pcap[default],ascii,none)
        -l <ld>    Log to directory <ld>
        -L <file>  Log to this tcpdump file
        -M         Log messages to syslog (not alerts)
        -m <umask> Set umask = <umask>
        -n <cnt>   Exit after receiving <cnt> packets
        -N         Turn off logging (alerts still work)
        -O         Obfuscate the logged IP addresses
        -p         Disable promiscuous mode sniffing
        -P <snap>  Set explicit snaplen of packet (default: 1514)
        -q         Quiet. Don't show banner and status report
        -Q         Enable inline mode operation.
        -r <tf>    Read and process tcpdump file <tf>
        -R <id>    Include 'id' in snort_intf<id>.pid file name
        -s         Log alert messages to syslog
        -S <n=v>   Set rules file variable n equal to value v
        -t <dir>   Chroots process to <dir> after initialization
        -T         Test and report on the current Snort configuration
        -u <uname> Run snort uid as <uname> user (or uid) after initialization
        -U         Use UTC for timestamps
        -v         Be verbose
        -V         Show version number
        -X         Dump the raw packet data starting at the link layer
        -x         Exit if Snort configuration problems occur
        -y         Include year in timestamp in the alert and log files
        -Z <file>  Set the performonitor preprocessor file path and name
        -?         Show this information

*Albert Lewis*

ENGINEER.SOFTWARE ENGINEERING

Cisco Systems Inc.

Email: allewi () cisco com



*From: *Kristoffer Ytterbø Sture <kristure1993 () gmail com>
*Date: *Thursday, March 29, 2018 at 10:09 AM
*To: *"Al Lewis (allewi)" <allewi () cisco com>
*Cc: *"snort-users () lists snort org" <snort-users () lists snort org>
*Subject: *Re: [Snort-users] Wireless



I am using snort -W and my wlan interface doesn't show up

On Thu, 29 Mar 2018, 16:04, Al Lewis (allewi) <allewi () cisco com> wrote:

What command are you using to start snort? What error are you seeing?


*From: *Kristoffer Ytterbø Sture <kristure1993 () gmail com>
*Date: *Thursday, March 29, 2018 at 9:50 AM
*To: *"Al Lewis (allewi)" <allewi () cisco com>
*Cc: *"snort-users () lists snort org" <snort-users () lists snort org>
*Subject: *Re: [Snort-users] Wireless




It can't find my wireless adaptor



On Thu, 29 Mar 2018, 15:44, Al Lewis (allewi) <allewi () cisco com> wrote:

Hello



Can you define what you mean by “work with wireless”? Snort can
inspect/decode wireless network traffic.



*From: *Snort-users <snort-users-bounces () lists snort org> on behalf of
Kristoffer Ytterbø Sture via Snort-users <snort-users () lists snort org>
*Reply-To: *Kristoffer Ytterbø Sture <kristure1993 () gmail com>
*Date: *Thursday, March 29, 2018 at 9:39 AM
*To: *"snort-users () lists snort org" <snort-users () lists snort org>
*Subject: *[Snort-users] Wireless



What tool is best for getting snort to work with wireless?

