Snort mailing list archives

Re: [Snort-devel] Snort Configuration Problems


From: "Michael Steele" <michaels () winsnort com>
Date: Wed, 2 Jan 2013 13:49:51 -0500

Sorry,

 

It appears you might not have WinPcap installed. Go to WinSnort.com and
follow one of the guided installs to get Snort installed and functioning up
to using the -W switch.

 

Best regards,

Michael...

 

WINSNORT.com Management Team Member

--

****************** Established ~ 2001 *******************

*        Visit Us @ http://www.winsnort.com             *

*      ~~ FREE WinIDS Snort installation guides ~~      *

*               ~~ FREE support forums ~~               *

* Snort: Open Source Network IDS - http://www.snort.org *

*********************************************************

 

From: Michael Steele [mailto:michaels () winsnort com] 
Sent: Wednesday, January 02, 2013 10:00 AM
To: 'Natalie Woh'
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] [Snort-devel] Snort Configuration Problems

 

It appears not to find interface 2. From an open CMD window type
'c:\snort\bin\snort -W'  (less the outside quotes), and tap the enter key.

 

Make sure you are selecting the correct interface.

 

Example: c:\snort\bin\snort -c c:\snort\etc\snort.conf -l c:\snort\log -i1

 

Best regards,

Michael...

 

WINSNORT.com Management Team Member


 

From: Natalie Woh [mailto:lunchisserved () hotmail com] 
Sent: Wednesday, January 02, 2013 3:14 AM
To: michaels () winsnort com <mailto:michaels () winsnort com> 
Subject: RE: [Snort-devel] Snort Configuration Problems

 

Hi Michael

 

Thank you for the reply.

 

The \ was not added to the tail of the configuration line.

 

I have tried re-installing snort and even installing snort in another
computer however, I am still unable to get it configured successfully.

 

Error Message from snort in the new computer:

 

C:\Snort\bin>snort -W

 

   ,,_     -*> Snort! <*-

  o"  )~   Version 2.9.4-WIN32 GRE (Build 40)

   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team

           Copyright (C) 1998-2012 Sourcefire, Inc., et al.

           Using PCRE version: 8.10 2010-06-25

           Using ZLIB version: 1.2.3

 

Index   Physical Address        IP Address      Device Name     Description

-----   ----------------        ----------      -----------     -----------

 

C:\Snort\bin>snort -c c:\snort\etc\snort.conf -l c:\snort\log -i 2

ERROR: Invalid device number: 2.

Fatal Error, Quitting..

Could not create the registry key.

 

I hope to hear from you at your earliest convenience.

 

Thank you for your time.

 

Best Regards

Natalie

  _____  

From: michaels () winsnort com <mailto:michaels () winsnort com> 
To: lunchisserved () hotmail com <mailto:lunchisserved () hotmail com> ;
snort-users () lists sourceforge net <mailto:snort-users () lists sourceforge net>

Subject: RE: [Snort-devel] Snort Configuration Problems
Date: Sun, 30 Dec 2012 09:01:05 -0500

I've seen this happen when the \ has been added to the tail of the
configuration line. It must be removed in Windows.

 

When Snort is installed the folder 'snort\lib\snort_dynamicrules' is
created, and there should be several files inside that folder.

 

Directory of c:\snort\lib\snort_dynamicpreprocessor

 

11/16/2012  02:40 PM           196,608 sf_dce2.dll

11/16/2012  02:41 PM            32,768 sf_dnp3.dll

11/16/2012  02:39 PM            24,576 sf_dns.dll

11/16/2012  02:39 PM            65,536 sf_ftptelnet.dll

11/16/2012  02:41 PM            36,864 sf_gtp.dll

11/16/2012  02:40 PM           192,512 sf_imap.dll

11/16/2012  02:41 PM            24,576 sf_modbus.dll

11/16/2012  02:41 PM           192,512 sf_pop.dll

11/16/2012  02:41 PM            32,768 sf_reputation.dll

11/16/2012  02:40 PM            32,768 sf_sdf.dll

11/16/2012  02:40 PM            45,056 sf_sip.dll

11/16/2012  02:39 PM           208,896 sf_smtp.dll

11/16/2012  02:39 PM            24,576 sf_ssh.dll

11/16/2012  02:39 PM            28,672 sf_ssl.dll

              14 File(s)      1,138,688 bytes

 

If listing the Snort files and folders is a problem, try uninstalling Snort,
and reinstalling. If file and folder problems persist there might be a
hardware issue.

 

Best regards,

Michael...

 

WINSNORT.com Management Team Member


 

From: Natalie Woh [mailto:lunchisserved () hotmail com] 
Sent: Sunday, December 30, 2012 1:24 AM
To: michaels () winsnort com <mailto:michaels () winsnort com> ;
snort-devel () lists sourceforge net <mailto:snort-devel () lists sourceforge net>

Subject: RE: [Snort-devel] Snort Configuration Problems

 

Hi Michael 

 

Thank you for your reply.

I think I am missing some file. When I ran Snort in IDS mode, I got this
message:

ERROR: c:\snort\etc\snort.conf(253) Could not stat dynamic module path "c:\snort\lib\snort_dynamicrules": No such file or directory.

 

I hope to hear from you at your earliest convenience.

 

Thank you for your time.

 

Best Regards

Natalie

 

  _____  

From: michaels () winsnort com <mailto:michaels () winsnort com> 
To: lunchisserved () hotmail com <mailto:lunchisserved () hotmail com> ;
snort-devel () lists sourceforge net <mailto:snort-devel () lists sourceforge net>

Subject: RE: [Snort-devel] Snort Configuration Problems
Date: Sat, 29 Dec 2012 16:44:01 -0500

Natalie,

 

Original Line(s): dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/

Change to: dynamicpreprocessor directory c:\snort\lib\snort_dynamicpreprocessor

 

Best regards,

Michael...

 

WINSNORT.com Management Team Member


 

From: Natalie Woh [mailto:lunchisserved () hotmail com] 
Sent: Wednesday, December 26, 2012 1:27 AM
To: snort-devel () lists sourceforge net
<mailto:snort-devel () lists sourceforge net> 
Subject: [Snort-devel] Snort Configuration Problems

 

Dear Sir/Mdm

 

I am experiencing problems configuring Snort.

 

I typed "dir" and got this message:

C:\Snort\bin>dir

 Volume in drive C has no label.

 Volume Serial Number is 4EC9-0980

 

 Directory of C:\Snort\bin

 

05/12/2012  02:47 PM    <DIR>          .

05/12/2012  02:47 PM    <DIR>          ..

24/06/2010  09:58 PM            54,784 npptools.dll

02/11/2010  02:16 AM           274,489 ntwdblib.dll

02/11/2010  02:16 AM           262,226 Packet.dll

03/12/2003  11:22 PM            94,208 pcre.dll

01/08/2012  01:34 AM         1,167,360 snort.exe

02/11/2010  02:16 AM            53,326 WanPacket.dll

25/06/2010  01:41 AM           258,126 wpcap.dll

28/01/2010  05:50 AM            73,728 zlib1.dll

               8 File(s)      2,238,247 bytes

               2 Dir(s)  229,230,264,320 bytes free

 

While running Snort in IDS mode, I got this message:

Initializing Output Plugins!

Initializing Preprocessors!

Initializing Plug-ins!

Parsing Rules file "C:\Snort\etc\snort.conf"

PortVar 'HTTP_PORTS' defined :  [ 80:81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8118 8123 8180:8181 8243 8280 8800 8888 8899 9080 9090:9091 9443 9999 11371 55555 ]

PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]

PortVar 'ORACLE_PORTS' defined :  [ 1024:65535 ]

PortVar 'SSH_PORTS' defined :  [ 22 ]

PortVar 'FTP_PORTS' defined :  [ 21 2100 3535 ]

PortVar 'SIP_PORTS' defined :  [ 5060:5061 5600 ]

PortVar 'FILE_DATA_PORTS' defined :  [ 80:81 110 143 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8118 8123 8180:8181 8243 8280 8800 8888 8899 9080 9090:9091 9443 9999 11371 55555 ]

PortVar 'GTP_PORTS' defined :  [ 2123 2152 3386 ]

Detection:

   Search-Method = AC-Full-Q

    Split Any/Any group = enabled

    Search-Method-Optimizations = enabled

    Maximum pattern length = 20

ERROR: C:\Snort\etc\snort.conf(247) Could not stat dynamic module path "c:snort\lib\snort_dynamicpreprocessor": No such file or directory.

 

Fatal Error, Quitting..

Could not create the registry key.

 

I hope to hear from you at your earliest convenience.

 

Thank you for your time.

 

Best Regards

Natalie
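
The path forms that appear in this thread (the Unix default path, the `c:snort\` form in the quoted error, and a trailing `\`) can be caught before starting Snort with a small snort.conf check. This is an added example, not part of the original thread or of Snort; `check_path`, `lint_conf` and the sample configuration are constructed for illustration.

```python
import re

# snort.conf directives that load dynamic modules (Snort 2.9.x syntax).
DIRECTIVE = re.compile(
    r"^\s*(dynamicpreprocessor|dynamicengine|dynamicdetection)\s+"
    r"(?:(?:directory|file)\s+)?(\S.*?)\s*$"
)

def check_path(path):
    """Return a list of problems with a dynamic module path on Windows."""
    if path.startswith("/"):
        return ["Unix-style path; replace with a Windows path"]
    problems = []
    if re.match(r"^[A-Za-z]:[^\\/]", path):
        # "c:snort\lib" resolves against the current directory of drive C.
        problems.append("drive-relative path; missing '\\' after the drive letter")
    elif not re.match(r"^[A-Za-z]:[\\/]", path):
        problems.append("path is not absolute")
    if path.endswith(("\\", "/")):
        # The advice given in the thread is to remove this on Windows.
        problems.append("trailing slash on the path")
    return problems

def lint_conf(text):
    """Return (line number, directive, path, problem) for each finding."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0]  # ignore comments
        m = DIRECTIVE.match(line)
        if not m:
            continue
        for problem in check_path(m.group(2)):
            findings.append((lineno, m.group(1), m.group(2), problem))
    return findings

# Constructed sample configuration, not taken from a real install.
SAMPLE_CONF = r"""
# dynamic module section
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
dynamicengine c:snort\lib\snort_dynamicengine\sf_engine.dll
dynamicdetection directory c:\snort\lib\snort_dynamicrules\
dynamicpreprocessor directory c:\snort\lib\snort_dynamicpreprocessor
"""

if __name__ == "__main__":
    for lineno, directive, path, problem in lint_conf(SAMPLE_CONF):
        print(f"snort.conf({lineno}) {directive} {path}: {problem}")
```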
