[Snort-devel] DPX Output Verification

Amtul Saboor saboor.amtul at ...2499...
Sat Dec 14 02:35:26 EST 2013


The reason that I think I am not doing it correctly is that in the README
file in the SRC directory of DPX, the following lines are written:

"Test output:

dpx.c:86: registered
dpx.c:123: pod[0](test/snort.conf:3): port = 8
dpx.c:159: pod[0]: initialized
dpx.c:123: pod[1](test/10.1.conf:2): port = 80
dpx.c:159: pod[1]: initialized
dpx.c:186: pod[1]: src = 12345, dst = 8
dpx.c:186: pod[1]: src = 8, dst = 12345
dpx.c:186: pod[1]: src = 12345, dst = 80
3       256     2       0
dpx.c:186: pod[0]: src = 12345, dst = 8
4       256     2       0
dpx.c:186: pod[0]: src = 8, dst = 12345
5       256     1       0
dpx.c:186: pod[0]: src = 12345, dst = 80"

How can I get this output? I certainly do not get this output when I run
the test.sh file (the output is displayed in the previous message). So what
could be the possible issues?

Any help would be appreciated.

Thanks and regards


On Wed, Nov 27, 2013 at 10:16 PM, Amtul Saboor <saboor.amtul at ...2499...> wrote:

> Hello,
>
> I need to verify if I am doing it correctly, because I don't think dpx.c is
> running the way it should. This is my output when I type ./test.sh:
>
>
> root at ...3454...:/usr/src/dpx-1.6# cd /usr/src/dp
> root at ...3454...:/usr/src/dp# ./test.sh
> ./setup.sh: line 1: /root/snort: is a directory
> Running in IDS mode
>
>         --== Initializing Snort ==--
> Initializing Output Plugins!
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file "test/snort.conf"
> Tagged Packet Limit: 256
> Loading all dynamic preprocessor libs from lib/snort_dynamicpreprocessor...
>   Loading dynamic preprocessor library lib/snort_dynamicpreprocessor/libdpx.so... done
>   Finished Loading all dynamic preprocessor libs from lib/snort_dynamicpreprocessor
> Log directory = /var/log/snort
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> 4 Snort rules read
>     4 detection rules
>     0 decoder rules
>     0 preprocessor rules
> 2 Option Chains linked into 2 Chain Headers
> 0 Dynamic rules
> +++++++++++++++++++++++++++++++++++++++++++++++++++
>
> +-------------------[Rule Port Counts]---------------------------------------
> |             tcp     udp    icmp      ip
> |     src       0       0       0       0
> |     dst       0       0       0       0
> |     any       4       0       0       0
> |      nc       4       0       0       0
> |     s+d       0       0       0       0
>
> +----------------------------------------------------------------------------
>
>
> +-----------------------[detection-filter-config]------------------------------
> | memory-cap : 1048576 bytes
>
> +-----------------------[detection-filter-rules]-------------------------------
> | none
>
> -------------------------------------------------------------------------------
>
>
> +-----------------------[rate-filter-config]-----------------------------------
> | memory-cap : 1048576 bytes
>
> +-----------------------[rate-filter-rules]------------------------------------
> | none
>
> -------------------------------------------------------------------------------
>
>
> +-----------------------[event-filter-config]----------------------------------
> | memory-cap : 1048576 bytes
>
> +-----------------------[event-filter-global]----------------------------------
>
> +-----------------------[event-filter-local]-----------------------------------
> | none
>
> +-----------------------[suppression]------------------------------------------
> | none
>
> -------------------------------------------------------------------------------
> Rule application order:
> activation->dynamic->pass->drop->sdrop->reject->alert->log
> Verifying Preprocessor Configurations!
>
> [ Port Based Pattern Matching Memory ]
> pcap DAQ configured to read-file.
> The DAQ version does not support reload.
> Acquiring network traffic from "test/test.pcap".
> Reload thread starting...
> Reload thread started, thread 0xb6997b70 (1754)
>
>         --== Initialization Complete ==--
>
>    ,,_     -*> Snort! <*-
>   o"  )~   Version 2.9.5.5 GRE (Build 205)
>    ''''    By Martin Roesch & The Snort Team:
> http://www.snort.org/snort/snort-team
>            Copyright (C) 1998-2013 Sourcefire, Inc., et al.
>            Using libpcap version 1.0.0
>            Using PCRE version: 7.8 2008-09-05
>            Using ZLIB version: 1.2.3.3
>
>            Preprocessor Object: dpx  Version 1.6  <Build 1>
> Commencing packet processing (pid=1753)
> 3    256    2    0
> 4    256    2    0
> 5    256    1    0
>
> ===============================================================================
> Run time for packet processing was 0.994 seconds
> Snort processed 6 packets.
> Snort ran for 0 days 0 hours 0 minutes 0 seconds
>    Pkts/sec:            6
>
> ===============================================================================
> Packet I/O Totals:
>    Received:            6
>    Analyzed:            6 (100.000%)
>     Dropped:            0 (  0.000%)
>    Filtered:            0 (  0.000%)
> Outstanding:            0 (  0.000%)
>    Injected:            0
>
> ===============================================================================
> Breakdown by protocol (includes rebuilt packets):
>         Eth:            6 (100.000%)
>        VLAN:            0 (  0.000%)
>         IP4:            6 (100.000%)
>        Frag:            0 (  0.000%)
>        ICMP:            0 (  0.000%)
>         UDP:            0 (  0.000%)
>         TCP:            6 (100.000%)
>         IP6:            0 (  0.000%)
>     IP6 Ext:            0 (  0.000%)
>    IP6 Opts:            0 (  0.000%)
>       Frag6:            0 (  0.000%)
>       ICMP6:            0 (  0.000%)
>        UDP6:            0 (  0.000%)
>        TCP6:            0 (  0.000%)
>      Teredo:            0 (  0.000%)
>     ICMP-IP:            0 (  0.000%)
>     IP4/IP4:            0 (  0.000%)
>     IP4/IP6:            0 (  0.000%)
>     IP6/IP4:            0 (  0.000%)
>     IP6/IP6:            0 (  0.000%)
>         GRE:            0 (  0.000%)
>     GRE Eth:            0 (  0.000%)
>    GRE VLAN:            0 (  0.000%)
>     GRE IP4:            0 (  0.000%)
>     GRE IP6:            0 (  0.000%)
> GRE IP6 Ext:            0 (  0.000%)
>    GRE PPTP:            0 (  0.000%)
>     GRE ARP:            0 (  0.000%)
>     GRE IPX:            0 (  0.000%)
>    GRE Loop:            0 (  0.000%)
>        MPLS:            0 (  0.000%)
>         ARP:            0 (  0.000%)
>         IPX:            0 (  0.000%)
>    Eth Loop:            0 (  0.000%)
>    Eth Disc:            0 (  0.000%)
>    IP4 Disc:            0 (  0.000%)
>    IP6 Disc:            0 (  0.000%)
>    TCP Disc:            0 (  0.000%)
>    UDP Disc:            0 (  0.000%)
>   ICMP Disc:            0 (  0.000%)
> All Discard:            0 (  0.000%)
>       Other:            0 (  0.000%)
> Bad Chk Sum:            0 (  0.000%)
>     Bad TTL:            0 (  0.000%)
>      S5 G 1:            0 (  0.000%)
>      S5 G 2:            0 (  0.000%)
>       Total:            6
>
> ===============================================================================
> Action Stats:
>      Alerts:            3 ( 50.000%)
>      Logged:            3 ( 50.000%)
>      Passed:            0 (  0.000%)
> Limits:
>       Match:            0
>       Queue:            0
>         Log:            0
>       Event:            0
>       Alert:            0
> Verdicts:
>       Allow:            6 (100.000%)
>       Block:            0 (  0.000%)
>     Replace:            0 (  0.000%)
>   Whitelist:            0 (  0.000%)
>   Blacklist:            0 (  0.000%)
>      Ignore:            0 (  0.000%)
> =============================
> Snort exiting
>
>
> Regards
> --
>
> Amtul
>
>
>
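The following script is an added example for this thread; it is not part of the dpx tarball or of either message above. It takes the README's "Test output" and the test.sh output quoted in the thread, separates the two kinds of lines, and reports where they differ. It assumes that the four-column lines ("3  256  2  0") are Snort alert_test records (packet number, generator id, signature id, revision) and that the "dpx.c:<line>: ..." lines are the preprocessor's own debug messages; neither interpretation is confirmed by the page.

```python
"""Compare a dpx test.sh run against the README's expected "Test output".

Added example, not code from the dpx tarball or from this thread.
Assumptions: four-column lines are Snort alert_test records
(packet, gid, sid, rev); "dpx.c:<line>: ..." lines are dpx debug messages.
"""
import re
from typing import NamedTuple


class Event(NamedTuple):
    packet: int
    gid: int
    sid: int
    rev: int


# Assumed alert_test record: packet number, generator id, signature id, revision.
EVENT_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(\d+)$")
# Assumed dpx debug message: source line in dpx.c followed by free text.
DEBUG_RE = re.compile(r"^dpx\.c:(\d+):\s*(.*)$")

# Expected output as quoted from the dpx README in the thread.
README_EXPECTED = """\
dpx.c:86: registered
dpx.c:123: pod[0](test/snort.conf:3): port = 8
dpx.c:159: pod[0]: initialized
dpx.c:123: pod[1](test/10.1.conf:2): port = 80
dpx.c:159: pod[1]: initialized
dpx.c:186: pod[1]: src = 12345, dst = 8
dpx.c:186: pod[1]: src = 8, dst = 12345
dpx.c:186: pod[1]: src = 12345, dst = 80
3       256     2       0
dpx.c:186: pod[0]: src = 12345, dst = 8
4       256     2       0
dpx.c:186: pod[0]: src = 8, dst = 12345
5       256     1       0
dpx.c:186: pod[0]: src = 12345, dst = 80
"""

# Excerpt of the test.sh run posted in the thread.  Snort's own banner and
# statistics lines match neither pattern and are ignored by classify().
TEST_SH_OBSERVED = """\
           Preprocessor Object: dpx  Version 1.6  <Build 1>
Commencing packet processing (pid=1753)
3    256    2    0
4    256    2    0
5    256    1    0
Snort processed 6 packets.
"""


def classify(text):
    """Split output text into (events, debug).

    events: list of Event in order of appearance.
    debug:  list of (dpx.c line number, message text) in order of appearance.
    """
    events, debug = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = EVENT_RE.match(line)
        if m:
            events.append(Event(*(int(g) for g in m.groups())))
            continue
        m = DEBUG_RE.match(line)
        if m:
            debug.append((int(m.group(1)), m.group(2)))
    return events, debug


def compare(expected_text, observed_text):
    """Report whether the event records agree and which debug sites are absent."""
    exp_events, exp_debug = classify(expected_text)
    obs_events, obs_debug = classify(observed_text)
    exp_sites = {site for site, _ in exp_debug}
    obs_sites = {site for site, _ in obs_debug}
    return {
        "events_match": exp_events == obs_events,
        "missing_events": [e for e in exp_events if e not in obs_events],
        "extra_events": [e for e in obs_events if e not in exp_events],
        "missing_debug_sites": sorted(exp_sites - obs_sites),
        "expected_debug_lines": len(exp_debug),
        "observed_debug_lines": len(obs_debug),
    }


if __name__ == "__main__":
    for key, value in compare(README_EXPECTED, TEST_SH_OBSERVED).items():
        print(f"{key}: {value}")
```

Run against the two outputs quoted in the thread, the three event records (packets 3, 4 and 5; gid 256; sids 2, 2 and 1) are identical in both, and the only difference is that none of the eleven "dpx.c:NN:" lines appear in the test.sh run. That narrows the question to how those messages are emitted. In Snort 2.9 the dynamic preprocessor API's debugMsg calls are compiled out unless Snort is built with --enable-debug; if dpx uses that path, a non-debug build would print exactly what the thread shows, but whether dpx.c uses it is not established by this page.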