Snort mailing list archives
Re: mail regarding snort 3
From: Noah Dietrich <noah_dietrich () 86penny org>
Date: Thu, 13 Dec 2018 13:22:38 -0500
if you are only seeing alerts generated by ICMP packets, then it sounds like either you only have a single rule enabled detecting ICMP packets, or your traffic is not triggering any other alerts. When you start snort, if you scroll up through the output it will tell you how many rules it has loaded. Here is an example of the number of rules loaded (829 rules) if you use the basic community rules: ... Loading rules: Loading /usr/local/etc/snort/rules/snort3-community.rules: Finished /usr/local/etc/snort/rules/snort3-community.rules. Finished rules. -------------------------------------------------- rule counts rule counts total rules loaded: 829 text rules: 829 option chains: 829 chain headers: 46 -------------------------------------------------- if you provide the command you are using to run snort with its output, the rule files you are using, and your snort.lua file it would be easier to identify where the problem is. Noah On Thu, Dec 13, 2018 at 12:25 PM Patrick Mullen (pamullen) via Snort-users < snort-users () lists snort org> wrote:
Make sure that you are running snort as root and/or have permission to put the interface into promiscuous mode. Thanks, ~Patrick *From: *Divyanshu Banerjee <divyanshubanerjee1 () gmail com> *Date: *Thursday, December 13, 2018 at 6:19 AM *To: *<snort-users () lists snort org> *Subject: *[Snort-users] mail regarding snort 3 Dear member, i am using snort 3 , But only receiving the list of ICMP packets and no other packets are shown, plus it is not showing TCP alert, thanks Divyanshu _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users To unsubscribe, send an email to: snort-users-leave () lists snort org Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- mail regarding snort 3 Divyanshu Banerjee via Snort-users (Dec 13)
- Re: mail regarding snort 3 Patrick Mullen (pamullen) via Snort-users (Dec 13)
- Re: mail regarding snort 3 Jose Campos (Dec 13)
- Re: mail regarding snort 3 Noah Dietrich (Dec 13)
- Re: mail regarding snort 3 Divyanshu Banerjee via Snort-users (Dec 13)
- Re: mail regarding snort 3 Noah Dietrich (Dec 14)
- Re: mail regarding snort 3 Divyanshu Banerjee via Snort-users (Dec 14)
- Re: mail regarding snort 3 Patrick Mullen (pamullen) via Snort-users (Dec 13)