[Snort-devel] DPX Output Verification

Russ Combs rcombs at ...402...
Mon Dec 16 10:18:11 EST 2013


1.  There is a problem with your test.sh because your output starts with an
error:

root at ...3454...:/usr/src/dp# ./test.sh
./setup.sh: line 1: /root/snort: is a directory


2.  Did you build with --enable-debug --enable-debug-msgs ?



On Sat, Dec 14, 2013 at 2:35 AM, Amtul Saboor <saboor.amtul at ...2499...>wrote:

> The reason that I think I am not doing it correctly is that in the README
> file in the SRC directory of DPX, the following lines are written:
>
> "Test output:
>
> dpx.c:86: registered
> dpx.c:123: pod[0](test/snort.conf:3): port = 8
> dpx.c:159: pod[0]: initialized
> dpx.c:123: pod[1](test/10.1.conf:2): port = 80
> dpx.c:159: pod[1]: initialized
> dpx.c:186: pod[1]: src = 12345, dst = 8
> dpx.c:186: pod[1]: src = 8, dst = 12345
> dpx.c:186: pod[1]: src = 12345, dst = 80
> 3       256     2       0
> dpx.c:186: pod[0]: src = 12345, dst = 8
> 4       256     2       0
> dpx.c:186: pod[0]: src = 8, dst = 12345
> 5       256     1       0
> dpx.c:186: pod[0]: src = 12345, dst = 80"
>
> How can I get this output? I certainly do not get this output when I run
> the test.sh file (the output is displayed in the previous message). So what
> could be the possible issues?
>
> Any help would be appreciated.
>
> Thanks and regards
>
>
>
> On Wed, Nov 27, 2013 at 10:16 PM, Amtul Saboor <saboor.amtul at ...2499...>wrote:
>
>> Hello,
>>
>> I need to verify if I am doing it correctly, because I don't think dpx.c
>> is running the way it should. This is my output when I type ./test.sh:
>>
>>
>> root at ...3454...:/usr/src/dpx-1.6# cd /usr/src/dp
>> root at ...3454...:/usr/src/dp# ./test.sh
>> ./setup.sh: line 1: /root/snort: is a directory
>> Running in IDS mode
>>
>>         --== Initializing Snort ==--
>> Initializing Output Plugins!
>> Initializing Preprocessors!
>> Initializing Plug-ins!
>> Parsing Rules file "test/snort.conf"
>> Tagged Packet Limit: 256
>> Loading all dynamic preprocessor libs from
>> lib/snort_dynamicpreprocessor...
>>   Loading dynamic preprocessor library
>> lib/snort_dynamicpreprocessor/libdpx.so... done
>>   Finished Loading all dynamic preprocessor libs from
>> lib/snort_dynamicpreprocessor
>> Log directory = /var/log/snort
>>
>> +++++++++++++++++++++++++++++++++++++++++++++++++++
>> Initializing rule chains...
>> 4 Snort rules read
>>     4 detection rules
>>     0 decoder rules
>>     0 preprocessor rules
>> 2 Option Chains linked into 2 Chain Headers
>> 0 Dynamic rules
>> +++++++++++++++++++++++++++++++++++++++++++++++++++
>>
>> +-------------------[Rule Port
>> Counts]---------------------------------------
>> |             tcp     udp    icmp      ip
>> |     src       0       0       0       0
>> |     dst       0       0       0       0
>> |     any       4       0       0       0
>> |      nc       4       0       0       0
>> |     s+d       0       0       0       0
>>
>> +----------------------------------------------------------------------------
>>
>>
>> +-----------------------[detection-filter-config]------------------------------
>> | memory-cap : 1048576 bytes
>>
>> +-----------------------[detection-filter-rules]-------------------------------
>> | none
>>
>> -------------------------------------------------------------------------------
>>
>>
>> +-----------------------[rate-filter-config]-----------------------------------
>> | memory-cap : 1048576 bytes
>>
>> +-----------------------[rate-filter-rules]------------------------------------
>> | none
>>
>> -------------------------------------------------------------------------------
>>
>>
>> +-----------------------[event-filter-config]----------------------------------
>> | memory-cap : 1048576 bytes
>>
>> +-----------------------[event-filter-global]----------------------------------
>>
>> +-----------------------[event-filter-local]-----------------------------------
>> | none
>>
>> +-----------------------[suppression]------------------------------------------
>> | none
>>
>> -------------------------------------------------------------------------------
>> Rule application order:
>> activation->dynamic->pass->drop->sdrop->reject->alert->log
>> Verifying Preprocessor Configurations!
>>
>> [ Port Based Pattern Matching Memory ]
>> pcap DAQ configured to read-file.
>> The DAQ version does not support reload.
>> Acquiring network traffic from "test/test.pcap".
>> Reload thread starting...
>> Reload thread started, thread 0xb6997b70 (1754)
>>
>>         --== Initialization Complete ==--
>>
>>    ,,_     -*> Snort! <*-
>>   o"  )~   Version 2.9.5.5 GRE (Build 205)
>>    ''''    By Martin Roesch & The Snort Team:
>> http://www.snort.org/snort/snort-team
>>            Copyright (C) 1998-2013 Sourcefire, Inc., et al.
>>            Using libpcap version 1.0.0
>>            Using PCRE version: 7.8 2008-09-05
>>            Using ZLIB version: 1.2.3.3
>>
>>            Preprocessor Object: dpx  Version 1.6  <Build 1>
>> Commencing packet processing (pid=1753)
>> 3    256    2    0
>> 4    256    2    0
>> 5    256    1    0
>>
>> ===============================================================================
>> Run time for packet processing was 0.994 seconds
>> Snort processed 6 packets.
>> Snort ran for 0 days 0 hours 0 minutes 0 seconds
>>    Pkts/sec:            6
>>
>> ===============================================================================
>> Packet I/O Totals:
>>    Received:            6
>>    Analyzed:            6 (100.000%)
>>     Dropped:            0 (  0.000%)
>>    Filtered:            0 (  0.000%)
>> Outstanding:            0 (  0.000%)
>>    Injected:            0
>>
>> ===============================================================================
>> Breakdown by protocol (includes rebuilt packets):
>>         Eth:            6 (100.000%)
>>        VLAN:            0 (  0.000%)
>>         IP4:            6 (100.000%)
>>        Frag:            0 (  0.000%)
>>        ICMP:            0 (  0.000%)
>>         UDP:            0 (  0.000%)
>>         TCP:            6 (100.000%)
>>         IP6:            0 (  0.000%)
>>     IP6 Ext:            0 (  0.000%)
>>    IP6 Opts:            0 (  0.000%)
>>       Frag6:            0 (  0.000%)
>>       ICMP6:            0 (  0.000%)
>>        UDP6:            0 (  0.000%)
>>        TCP6:            0 (  0.000%)
>>      Teredo:            0 (  0.000%)
>>     ICMP-IP:            0 (  0.000%)
>>     IP4/IP4:            0 (  0.000%)
>>     IP4/IP6:            0 (  0.000%)
>>     IP6/IP4:            0 (  0.000%)
>>     IP6/IP6:            0 (  0.000%)
>>         GRE:            0 (  0.000%)
>>     GRE Eth:            0 (  0.000%)
>>    GRE VLAN:            0 (  0.000%)
>>     GRE IP4:            0 (  0.000%)
>>     GRE IP6:            0 (  0.000%)
>> GRE IP6 Ext:            0 (  0.000%)
>>    GRE PPTP:            0 (  0.000%)
>>     GRE ARP:            0 (  0.000%)
>>     GRE IPX:            0 (  0.000%)
>>    GRE Loop:            0 (  0.000%)
>>        MPLS:            0 (  0.000%)
>>         ARP:            0 (  0.000%)
>>         IPX:            0 (  0.000%)
>>    Eth Loop:            0 (  0.000%)
>>    Eth Disc:            0 (  0.000%)
>>    IP4 Disc:            0 (  0.000%)
>>    IP6 Disc:            0 (  0.000%)
>>    TCP Disc:            0 (  0.000%)
>>    UDP Disc:            0 (  0.000%)
>>   ICMP Disc:            0 (  0.000%)
>> All Discard:            0 (  0.000%)
>>       Other:            0 (  0.000%)
>> Bad Chk Sum:            0 (  0.000%)
>>     Bad TTL:            0 (  0.000%)
>>      S5 G 1:            0 (  0.000%)
>>      S5 G 2:            0 (  0.000%)
>>       Total:            6
>>
>> ===============================================================================
>> Action Stats:
>>      Alerts:            3 ( 50.000%)
>>      Logged:            3 ( 50.000%)
>>      Passed:            0 (  0.000%)
>> Limits:
>>       Match:            0
>>       Queue:            0
>>         Log:            0
>>       Event:            0
>>       Alert:            0
>> Verdicts:
>>       Allow:            6 (100.000%)
>>       Block:            0 (  0.000%)
>>     Replace:            0 (  0.000%)
>>   Whitelist:            0 (  0.000%)
>>   Blacklist:            0 (  0.000%)
>>      Ignore:            0 (  0.000%)
>> =============================
>> Snort exiting
>>
>>
>> Regards
>> --
>>
>> Amtul
>>
>>
>>
>
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
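The verification Russ asks for, written up as an added example that is not part of the thread, the DPX package or Snort itself: a POSIX shell script that takes a saved test.sh transcript and reports three things, whether the shell's "is a directory" error appears (a shell prints that when a command name resolves to a directory rather than an executable, so setup.sh is invoking a path that is not the snort binary), whether Snort reported loading the dpx preprocessor object, and which of the dpx.c debug lines listed in the DPX README (the lines Russ's second question, about --enable-debug --enable-debug-msgs, points at) are absent. The two transcripts it writes are constructed and abridged from the outputs quoted in the thread; the function names and the grep/wc-based checks are the example's own.

```shell
#!/bin/sh
# dpx_check.sh -- added example, not part of the DPX package or the thread.
# Checks a captured test.sh transcript for (1) the setup.sh error seen in the
# thread, (2) the "Preprocessor Object: dpx" load line and (3) the per-pod
# debug lines the DPX README lists as expected output.

# Debug lines expected by the DPX README, as quoted in the thread.
DPX_EXPECTED='dpx.c:86: registered
dpx.c:123: pod[0](test/snort.conf:3): port = 8
dpx.c:159: pod[0]: initialized
dpx.c:123: pod[1](test/10.1.conf:2): port = 80
dpx.c:159: pod[1]: initialized
dpx.c:186: pod[1]: src = 12345, dst = 8
dpx.c:186: pod[1]: src = 8, dst = 12345
dpx.c:186: pod[1]: src = 12345, dst = 80
dpx.c:186: pod[0]: src = 12345, dst = 8
dpx.c:186: pod[0]: src = 8, dst = 12345
dpx.c:186: pod[0]: src = 12345, dst = 80'

# dpx_setup_error FILE: print the first "is a directory" line, if any.
# A shell prints that when a command name resolves to a directory instead of
# an executable, i.e. setup.sh is invoking a path that is not the snort binary.
dpx_setup_error() {
    grep 'is a directory' "$1" | head -n 1
}

# dpx_loaded FILE: exit 0 if Snort reported the dpx preprocessor object.
dpx_loaded() {
    grep -q 'Preprocessor Object: dpx' "$1"
}

# dpx_missing FILE: print each README debug line that FILE lacks.
dpx_missing() {
    printf '%s\n' "$DPX_EXPECTED" | while IFS= read -r line; do
        grep -qF -- "$line" "$1" || printf '%s\n' "$line"
    done
}

# dpx_check FILE: report findings; return 0 only when the transcript matches.
dpx_check() {
    f=$1 rc=0
    err=$(dpx_setup_error "$f")
    [ -n "$err" ] && { echo "FAIL: setup.sh error: $err"; rc=1; }
    dpx_loaded "$f" || { echo "FAIL: no 'Preprocessor Object: dpx' line"; rc=1; }
    n=$(dpx_missing "$f" | wc -l | tr -d ' ')
    if [ "$n" -ne 0 ]; then
        echo "FAIL: $n expected dpx.c debug lines missing (built with --enable-debug --enable-debug-msgs?)"
        dpx_missing "$f" | sed 's/^/  missing: /'
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $f matches the README test output"
    return "$rc"
}

# dpx_write_samples DIR: write two constructed, abridged transcripts so the
# script runs offline: bad.txt mirrors the thread's output, good.txt the README's.
dpx_write_samples() {
    cat > "$1/bad.txt" <<'EOF'
./setup.sh: line 1: /root/snort: is a directory
Running in IDS mode
           Preprocessor Object: dpx  Version 1.6  <Build 1>
Commencing packet processing (pid=1753)
3    256    2    0
4    256    2    0
5    256    1    0
Snort exiting
EOF
    { echo '           Preprocessor Object: dpx  Version 1.6  <Build 1>'
      printf '%s\n' "$DPX_EXPECTED"
      echo 'Snort exiting'; } > "$1/good.txt"
}

tmp=$(mktemp -d)
dpx_write_samples "$tmp"
dpx_check "$tmp/bad.txt" || true     # prints the three FAIL findings
dpx_check "$tmp/good.txt" || true    # prints OK
rm -rf "$tmp"
```

To use it on a real run, capture the transcript with `./test.sh > run.txt 2>&1` and call `dpx_check run.txt`; the `2>&1` matters because the setup.sh error and Snort's debug messages go to stderr, and a redirect of stdout alone would hide exactly the lines the script looks for.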

