Snort mailing list archives
RE: HELP!!! HELP!!! HELP!!!
From: "Michael Steele" <michaels () winsnort com>
Date: Fri, 12 Nov 2004 19:05:56 -0800
He's having a pcap problem. Go get the docs and start over with a new install, who knows what you may have done.

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Matthew K. Lee
Sent: Friday, November 12, 2004 6:42 AM
To: Jeremiah J Batac
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] HELP!!! HELP!!! HELP!!!

Jeremiah,

I think you may be missing your Unicode.map file. Try to place that file where it needs to be. If that doesn't work, you might try to comment out the http_inspect lines to see if you have a configuration problem there. If that still doesn't work, you may want to post your snort.conf file to the list.

Thanks,
Matt

-----Original Message-----
From: Jeremiah J Batac [mailto:jjbatac () yahoo com]
Sent: Friday, November 12, 2004 6:28 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] HELP!!! HELP!!! HELP!!!

hello snort users,,,

I'm a newbie in the IDS field. I'm trying my best to make this snort thing work in Windows XP. I'm so frustrated coz after downloading tons of documents to help me set it up, I tried all their steps and guess what, it's partially working... Can somebody be kind enough to walk me through to make it work?

The software I currently have to install snort is the following...

acid
adodb
dbtools
libnet-1.0.2f
packetbuild-1.4
php-4.3.9-win32
phplot-4.4.6
application_service
mysqlsetup
snort-2_1_0
winpcap_3_0

I already tried to install and follow the steps 5 times and unfortunately I just get up to this point

C:\Snort>snort
Running in IDS mode with inferred config file: ./snort.conf
Log directory = log

Initializing Network Interface \Device\NPF_{3A842A08-FAFC-4986-A869-4AB8B6C9DD67 }

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface \Device\NPF_{3A842A08-FAFC-4986-A869-4AB8B6C9DD67 }
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file ./snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
,-----------[Flow Config]----------------------
| Stats Interval:  0
| Hash Method:     2
| Memcap:          10485760
| Rows  :          4099
| Overhead Bytes:  16400(%0.16)
`----------------------------------------------
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl: 0
    Fragment ttl_limit: 5
    Fragment Problems: 0
    Self preservation threshold: 500
    Self preservation period: 90
    Suspend threshold: 1000
    Suspend period: 30
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: INACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
    State Protection: 0
    Self preservation threshold: 50
    Self preservation period: 90
    Suspend threshold: 200
    Suspend period: 30
Stream4_reassemble config:
    Server reassembly: INACTIVE
    Client reassembly: ACTIVE
    Reassembler alerts: ACTIVE
    Zero out flushed packets: INACTIVE
    flush_data_diff_size: 500
    Ports: 21 23 25 53 80 110 111 143 513 1433
    Emergency Ports: 21 23 25 53 80 110 111 143 513 1433

ERROR: ./snort.conf(287) => Invalid file name for IIS Unicode Map file.
Fatal Error, Quitting..

C:\Snort>

hope this will help. like you I would like to be a pioneer on this OpenSource IDS. Help is much appreciated. Thank you very much.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
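
The check Matt suggests can be run before starting Snort. This is an added example, not part of the original thread and not Snort's own code: it scans a snort.conf for uncommented iis_unicode_map options and confirms that the named file exists and lists the requested codepage. The function names, the constructed sample files, and the rule that relative file names resolve against the config file's directory are assumptions.

```python
import os
import re
import tempfile

# http_inspect option syntax: iis_unicode_map <filename> <codepage>
MAP_RE = re.compile(r"\biis_unicode_map\b[ \t]*(\S+)?[ \t]*(\S+)?")

def check_unicode_maps(conf_path):
    """Return [(line_no, problem)] for every iis_unicode_map option found."""
    conf_dir = os.path.dirname(os.path.abspath(conf_path))
    problems = []
    with open(conf_path, encoding="latin-1") as fh:
        for no, raw in enumerate(fh, 1):
            line = raw.strip()
            if line.startswith("#"):      # commented-out lines are ignored
                continue
            m = MAP_RE.search(line)
            if not m:
                continue
            name, codepage = m.group(1), m.group(2)
            if name is None or codepage is None or not codepage.isdigit():
                problems.append((no, "expected: iis_unicode_map <file> <codepage>"))
                continue
            # Assumption: relative names resolve against the config directory.
            path = name if os.path.isabs(name) else os.path.join(conf_dir, name)
            if not os.path.isfile(path):
                problems.append((no, "map file not found: " + path))
                continue
            # Each codepage section of the map starts with its number.
            with open(path, encoding="latin-1") as mf:
                pages = {l.split()[0] for l in mf
                         if l.strip() and not l.startswith("#")}
            if codepage not in pages:
                problems.append((no, "codepage %s not in %s" % (codepage, name)))
    return problems

def demo():
    """Check a constructed config before and after the map file is in place."""
    with tempfile.TemporaryDirectory() as d:
        conf = os.path.join(d, "snort.conf")
        with open(conf, "w") as fh:
            fh.write("# constructed sample, not the poster's snort.conf\n"
                     "preprocessor http_inspect: global \\\n"
                     "    iis_unicode_map unicode.map 1252\n")
        before = check_unicode_maps(conf)
        with open(os.path.join(d, "unicode.map"), "w") as fh:
            fh.write("# constructed map\n1252 (ANSI - Latin I)\n00a1:21 00a2:63\n")
        after = check_unicode_maps(conf)
    return before, after
```

The reported line number is the physical line carrying the option, which makes it easy to compare against the number in Snort's own error message.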