Re: Token ring support of snort

[bulent_sahin () tb net tr]

Yes, the interface name is correct. I tried, but same thing happened. 
Program captures some frames, but categorizes them as OTHER. I suppose 
that snort does not undestand  token-ring, llc2 and snap headers?
Thanks
Bulent 





Martin Roesch <roesch () sourcefire com>
Sent by: roesch () mail sourcefire com
01.11.2001 17:04

 
        To:     bulent_sahin () tb net tr
        cc:     snort-users () lists sourceforge net
        Subject:        Re: [Snort-users] Token ring support of snort


Is that the right interface name for the T/R interface?  To get a list
of the interfaces that are available run 'snort -W', then set the
sniffing interface with 'snort -i <intf>'

     -Marty

bulent_sahin () tb net tr wrote:
> Hi,
>
> Does anybody know about token ring support of snort?A few days ago I
> installed snort on my computer, but when I try "snort -v" it assumes
> that all packets are ethernet packets.  Winpcap and ethereal works
> fine. I  pasted "snort -v" output below.
>
> C:\Downloads\Snort-1.8.1-win32-static\Snort-1.8.1-win32\snort -v
> Log directory =
>
>         --== Initializing Snort ==--
>
> Initializing Network Interface \
> Decoding Ethernet on interface \Device\Packet_MDGNDIS41
>
>         --== Initialization Complete ==--
>
> -*> Snort! <*-
> Version 1.8-WIN32 (Build 74)
> By Martin Roesch (roesch () sourcefire com, www.snort.org)
> 1.7-WIN32 Port By Michael Davis (mike () datanerds net, ww
> 1.8-WIN32 Port By Chris Reid (chris.reid@codecraftconsu
>           (based on code from 1.7 port)
>
> =======================================================
> Snort analyzed 1312 out of 1312 packets, dropping 0(0.0
>
> Breakdown by protocol:                Action Stats:
>     TCP: 0          (0.000%)          ALERTS: 0
>     UDP: 0          (0.000%)          LOGGED: 0
>    ICMP: 0          (0.000%)          PASSED: 0
>     ARP: 0          (0.000%)
>    IPv6: 0          (0.000%)
>     IPX: 0          (0.000%)
>   OTHER: 1311       (99.924%)
> DISCARD: 0          (0.000%)
> =======================================================
> Fragmentation Stats:
> Fragmented IP Packets: 0          (0.000%)
>     Fragment Trackers: 0
>    Rebuilt IP Packets: 0
>    Frag elements used: 0
> Discarded(incomplete): 0
>    Discarded(timeout): 0
>   Frag2 memory faults: 0
> =======================================================
> TCP Stream Reassembly Stats:
>         TCP Packets Used: 0          (0.000%)
>          Stream Trackers: 0
>           Stream flushes: 0
>            Segments used: 0
>    Stream4 Memory Faults: 0
> =======================================================
> pcap_loop: read error: PacketReceivePacket failedpcap_s
> r
> Snort received signal 3, exiting
>
> Thanks,
> Bulent

--
Martin Roesch - President, Sourcefire Inc. - (410)552-6999
roesch () sourcefire com - http://www.sourcefire.com 
Snort: Open Source Network IDS - http://www.snort.org