Snort mailing list archives
Re: RE: newbie question
From: Ravi Malghan <rmalghan () yahoo com>
Date: Wed, 6 Aug 2003 05:37:24 -0700 (PDT)
Tyler: I have only one interface. I tried what you suggested. I did a bunch of web requests from the machine and telnet request into the machine. No luck. Here's the output of the commands:

=============================
C:\PROGS\Snort\bin>snort -W

-*> Snort! <*-
Version 2.0.1-ODBC-MySQL-FlexRESP-WIN32 (Build 88)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
1.7-WIN32 Port By Michael Davis (mike () datanerds net, www.datanerds.net/~mike)
1.8 - 2.0 WIN32 Port By Chris Reid (chris.reid () codecraftconsultants com)

Interface Device Description
-------------------------------------------
1 \Device\NPF_{C66249AC-E359-47DE-AF1D-DA41B5B303CE} (Cisco 350 series Wireless LAN Adapter.)
====================
C:\PROGS\Snort\bin>snort -dv -i 1
Running in packet dump mode
Log directory = log

Initializing Network Interface \Device\NPF_{C66249AC-E359-47DE-AF1D-DA41B5B303CE }

--== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface \Device\NPF_{C66249AC-E359-47DE-AF1D-DA41B5B303CE }

--== Initialization Complete ==--

-*> Snort! <*-
Version 2.0.1-ODBC-MySQL-FlexRESP-WIN32 (Build 88)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
1.7-WIN32 Port By Michael Davis (mike () datanerds net, www.datanerds.net/~mike)
1.8 - 2.0 WIN32 Port By Chris Reid (chris.reid () codecraftconsultants com)
=======================

Jon: I did reboot the machine after the winpcap installation. I will try the menesis.

Thanks
Ravi

--- "Hudak, Tyler" <Tyler.Hudak () roadway com> wrote:
From the output below, Snort probably isn't hanging...it's doing exactly what you want. The only thing is you aren't seeing any packets go by on the interface you are listening to.

Run 'snort -W' to list all the available interfaces and make sure you are listening to the interface you want by running 'snort -dv -i #' where # is the number of the interface you want to listen on.

Also, try generating some traffic on your local box to make sure you are seeing things go by.

Tyler

--__--__--

Message: 1
Date: Tue, 5 Aug 2003 15:37:13 -0700 (PDT)
From: Ravi Malghan <rmalghan () yahoo com>
To: snort-users () lists sourceforge net
Subject: [Snort-users] newbie question

Hi: I just installed snort and winpcap on a w2K OS. I have not made any changes. When I run snort.exe -dv, it just hangs there. I do not see any packets. I do not see any way to debug and see what's happening. I tried pinging and telnetting to the host when this was running. What am I missing here?

Thanks in advance.
RM

=================
C:\PROGS\Snort\bin>snort.exe -dv
Running in packet dump mode
Log directory = log

Initializing Network Interface \Device\NPF_{C66249AC-E359-47DE-AF1D-DA41B5B303CE }

--== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface \Device\NPF_{C66249AC-E359-47DE-AF1D-DA41B5B303CE }

--== Initialization Complete ==--

-*> Snort! <*-
Version 2.0.1-ODBC-MySQL-FlexRESP-WIN32 (Build 88)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
1.7-WIN32 Port By Michael Davis (mike () datanerds net, www.datanerds.net/~mike)
1.8 - 2.0 WIN32 Port By Chris Reid (chris.reid () codecraftconsultants com)
========================
Current thread:
- newbie question Ravi Malghan (Aug 05)
- Re: newbie question Jon Baer (Aug 05)
- <Possible follow-ups>
- RE: newbie question Hudak, Tyler (Aug 06)
- Re: RE: newbie question Ravi Malghan (Aug 06)
- Re: newbie question Hudak, Tyler (Aug 06)
- Re: Re: newbie question Ravi Malghan (Aug 06)
- RE: newbie question Hudak, Tyler (Aug 07)