List: snort-users
Subject: Re: [Snort-users] How to start and monitor packets on windows
From: VINAY_SHARMA () advanex ! co ! jp
Date: 2006-07-21 2:50:25
Message-ID: OF14BBAE63.250F1C1D-ON492571B2.000F4370-492571B2.000FB968 () advanex ! co ! jp
Hi Rich,
Thanks for the instructions. Now I can run snort and am receiving packets
over the 3rd interface. Your info is great, but snort has not generated any
logs in the log folder. Please tell me how to get logs in the logs folder.
I am running snort as
snort -vde -i 3
Thanks & regards
**************************************
Vinay Sharma
I I S
Advanex Inc (www.advanex.co.jp)
Fon : 813-3822-5863
Fax : 813-5815-7881
Email : vinay_sharma@advanex.co.jp

Joel Esler <joel.esler@sourcefire.com>
Sender: snort-users-bounces@lists.sourceforge.net
2006/07/20 21:52
To: Rich Adamson <radamson@routers.com>
cc: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] How to start and monitor packets on windows

On the Windows OS you *can* use "-i 1". It specifies the first interface
found. (So you just have to watch, if you have, say, a built in modem or
something. Because Windows will sniff your modem if you have the wrong
interface.)
Just make sure you have a space in between "-i" and "1". ("-i 1")
You can look the order up in the registry, or you can just run 'snort -vde
-i 1' then try 'snort -vde -i 2'.... etc.. until you find your traffic.
J
On Thu, Jul 20, 2006 at 05:13:00AM -0500, Rich Adamson sent me:
> VINAY_SHARMA@advanex.co.jp wrote:
> > Hi,
> >
> > I am new to snort. I installed WinPcap, snort 2.x and IDScenter on
> > Windows XP. When I try to start snort there is a fatal error:
> >
> >
> > on telenet decode arguments:
> > port to decode telnet on: 21 23 25 119
> >
> > Error: c:\snort\rules\attack-responses.rules(11) => unknown
> > classtype:bad-unknow
> > fatal error, quiting..
>
> The above is telling you the rules in attack-responses.rules file has an
> error, it's probably on line 11, and unless you copy/pasted the error
> message incorrectly, it looks like "bad-unknow" should have an "n" at
> the end of that string.
>
> > If I try to run snort from the command line in the bin directory with
> > snort -v -i1 it will start, but I cannot see any packet transactions
> > when I am browsing any site.
>
> Then either interface "-i1" is incorrect, or, the sniffing interface is
> attached to an ethernet switch that is masking the data from you. If you
> are using a switch, you'll either need to replace it with a hub,
> purchase a "tap", or change your network somehow to see the traffic of
> interest.
>
>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
+---------------------------------------------------------------------+
Joel Esler Senior Security Consultant 1-706-627-2101
Sourcefire Security for the /Real/ World -- http://www.sourcefire.com
Snort - Open Source Network IPS/IDS -- http://www.snort.org
GPG Key: http://demo.sourcefire.com/jesler.pgp.key
AIM:eslerjoel YMSG:eslerjoel Gtalk:eslerj
+---------------------------------------------------------------------+