Snort mailing list archives

Re: Am I missing Something? (changes from 1.8.2 to 1.8.3 ?)

From: Scott Nursten <scottn () s2s ltd uk>
Date: Tue, 12 Feb 2002 18:54:55 +0000

KISS is a good idea ;) Also, just try a simple snort -v and see if it's
dumping traffic normally - tcpdump style. This is also a good initial test.

Regards,

Scott 

On 12/2/02 1:01 am, "Semerjian, Ohanes" <Semerjian.Ohanes () wcom com au>
wrote:

Just keep it simple to start with something like

/path/snort -c /path/snort.conf and see if u r snort machine will pickup
something, also for test purpose leave the external and home net as (any to
any ). Once working refine it as u like.



Best Regards

Ohanes Semerjian


-----Original Message-----
From: Dany Allard [mailto:dallard () alterna com]
Sent: Tuesday, 12 February 2002 7:59
To: snort-users () lists sourceforge net
Subject: [Snort-users] Am I missing Something? (changes from 1.8.2 to
1.8.3 ?)


Hello Everyone.

Here is my problem.

Using  a recent snort.conf file (snort.conf,v 1.82 2002/01/20 04:35:40
roesch) I can get snort 1.8.2 to work perfectly.
However if I use the same snort.conf file, same rules, and same command
to start it up
"/usr/local/bin/snort -D -b -c /etc/snort/snort.conf -h xxx.xxx.xxx.0/24
-i eth1" with version 1.8.3 I don't get anything.
I then use a second machine to portscan (nmap) my HOME_NET, nothing
shows up in portscan.log using 1.8.3. but 1.8.2 picks up everything.

To answer the usual questions:
I have read the FAQ, INSTALL,Changelog, and README files.
I have also searched through the archives.
I am running the  2.2.14-15 linux kernel.
I am also using libnet-1.0-1mdk, libtermcap-devel-2.0.8-16mdk,
libpcap-0.4-3mdk.

Snort was compiled using the standard (configure, make, make install).

Did I miss something in the Documentation? The Archives? Do I need a
newer version (kernel, libraries)?

Any assistance or even guesses would be helpful.

Thanks

Dany Allard

P.S. I also tried snort-current downloaded this morning (Feb 11 2002)
with no success.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-- 



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

RE: Am I missing Something? (changes from 1.8.2 to 1.8.3 ?) Semerjian, Ohanes (Feb 11)
- Re: Am I missing Something? (changes from 1.8.2 to 1.8.3 ?) Scott Nursten (Feb 12)