From: bulent_sahintb.net.tr
Date: Thu Nov 01 2001 - 09:45:04 CST


    Yes, the interface name is correct. I tried, but same thing happened.
    Program captures some frames, but categorizes them as OTHER. I suppose
    that snort does not understand token-ring, llc2 and snap headers?
    Thanks
    Bulent

    Martin Roesch <roeschsourcefire.com>
    Sent by: roeschmail.sourcefire.com
    01.11.2001 17:04

     
            To: bulent_sahintb.net.tr
            cc: snort-userslists.sourceforge.net
            Subject: Re: [Snort-users] Token ring support of snort

    Is that the right interface name for the T/R interface? To get a list
    of the interfaces that are available run 'snort -W', then set the
    sniffing interface with 'snort -i <intf>'

         -Marty

    bulent_sahintb.net.tr wrote:
    >
    > Hi,
    >
    > Does anybody know about token ring support of snort? A few days ago I
    > installed snort on my computer, but when I try "snort -v" it assumes
    > that all packets are ethernet packets. Winpcap and ethereal work
    > fine. I pasted "snort -v" output below.
    >
    > C:\Downloads\Snort-1.8.1-win32-static\Snort-1.8.1-win32\snort -v
    > Log directory =
    >
    > --== Initializing Snort ==--
    >
    > Initializing Network Interface \
    > Decoding Ethernet on interface \Device\Packet_MDGNDIS41
    >
    > --== Initialization Complete ==--
    >
    > -*> Snort! <*-
    > Version 1.8-WIN32 (Build 74)
    > By Martin Roesch (roeschsourcefire.com, www.snort.org)
    > 1.7-WIN32 Port By Michael Davis (mikedatanerds.net, ww
    > 1.8-WIN32 Port By Chris Reid (chris.reidcodecraftconsu
    > (based on code from 1.7 port)
    >
    > =======================================================
    > Snort analyzed 1312 out of 1312 packets, dropping 0(0.0
    >
    > Breakdown by protocol: Action Stats:
    > TCP: 0 (0.000%) ALERTS: 0
    > UDP: 0 (0.000%) LOGGED: 0
    > ICMP: 0 (0.000%) PASSED: 0
    > ARP: 0 (0.000%)
    > IPv6: 0 (0.000%)
    > IPX: 0 (0.000%)
    > OTHER: 1311 (99.924%)
    > DISCARD: 0 (0.000%)
    > =======================================================
    > Fragmentation Stats:
    > Fragmented IP Packets: 0 (0.000%)
    > Fragment Trackers: 0
    > Rebuilt IP Packets: 0
    > Frag elements used: 0
    > Discarded(incomplete): 0
    > Discarded(timeout): 0
    > Frag2 memory faults: 0
    > =======================================================
    > TCP Stream Reassembly Stats:
    > TCP Packets Used: 0 (0.000%)
    > Stream Trackers: 0
    > Stream flushes: 0
    > Segments used: 0
    > Stream4 Memory Faults: 0
    > =======================================================
    > pcap_loop: read error: PacketReceivePacket failedpcap_s
    > r
    > Snort received signal 3, exiting
    >
    > Thanks,
    > Bulent

    --
    Martin Roesch - President, Sourcefire Inc. - (410)552-6999
    roeschsourcefire.com - http://www.sourcefire.com 
    Snort: Open Source Network IDS - http://www.snort.org
    
