<div dir="ltr"><div><div><div>Hello,<br> <br></div>I need to verify if I am doing it correctly, because I don't think dpx.c is running the way it should. This is my output when I type ./test.sh:<br><br><br>root@...3454...:/usr/src/dpx-1.6# cd /usr/src/dp<br>
root@...3454...:/usr/src/dp# ./test.sh<br>./setup.sh: line 1: /root/snort: is a directory<br>Running in IDS mode<br><br>        --== Initializing Snort ==--<br>Initializing Output Plugins!<br>Initializing Preprocessors!<br>Initializing Plug-ins!<br>
Parsing Rules file "test/snort.conf"<br>Tagged Packet Limit: 256<br>Loading all dynamic preprocessor libs from lib/snort_dynamicpreprocessor...<br>  Loading dynamic preprocessor library lib/snort_dynamicpreprocessor/libdpx.so... done<br>
  Finished Loading all dynamic preprocessor libs from lib/snort_dynamicpreprocessor<br>Log directory = /var/log/snort<br><br>+++++++++++++++++++++++++++++++++++++++++++++++++++<br>Initializing rule chains...<br>4 Snort rules read<br>
    4 detection rules<br>    0 decoder rules<br>    0 preprocessor rules<br>2 Option Chains linked into 2 Chain Headers<br>0 Dynamic rules<br>+++++++++++++++++++++++++++++++++++++++++++++++++++<br><br>+-------------------[Rule Port Counts]---------------------------------------<br>
|             tcp     udp    icmp      ip<br>|     src       0       0       0       0<br>|     dst       0       0       0       0<br>|     any       4       0       0       0<br>|      nc       4       0       0       0<br>
|     s+d       0       0       0       0<br>+----------------------------------------------------------------------------<br><br>+-----------------------[detection-filter-config]------------------------------<br>| memory-cap : 1048576 bytes<br>
+-----------------------[detection-filter-rules]-------------------------------<br>| none<br>-------------------------------------------------------------------------------<br><br>+-----------------------[rate-filter-config]-----------------------------------<br>
| memory-cap : 1048576 bytes<br>+-----------------------[rate-filter-rules]------------------------------------<br>| none<br>-------------------------------------------------------------------------------<br><br>+-----------------------[event-filter-config]----------------------------------<br>
| memory-cap : 1048576 bytes<br>+-----------------------[event-filter-global]----------------------------------<br>+-----------------------[event-filter-local]-----------------------------------<br>| none<br>+-----------------------[suppression]------------------------------------------<br>
| none<br>-------------------------------------------------------------------------------<br>Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log<br>Verifying Preprocessor Configurations!<br>
<br>[ Port Based Pattern Matching Memory ]<br>pcap DAQ configured to read-file.<br>The DAQ version does not support reload.<br>Acquiring network traffic from "test/test.pcap".<br>Reload thread starting...<br>Reload thread started, thread 0xb6997b70 (1754)<br>
<br>        --== Initialization Complete ==--<br><br>   ,,_     -*> Snort! <*-<br>  o"  )~   Version 2.9.5.5 GRE (Build 205) <br>   ''''    By Martin Roesch & The Snort Team: <a href="http://www.snort.org/snort/snort-team">http://www.snort.org/snort/snort-team</a><br>
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.<br>           Using libpcap version 1.0.0<br>           Using PCRE version: 7.8 2008-09-05<br>           Using ZLIB version: 1.2.3.3<br><br>           Preprocessor Object: dpx  Version 1.6  <Build 1><br>
Commencing packet processing (pid=1753)<br>3    256    2    0    <br>4    256    2    0    <br>5    256    1    0    <br>===============================================================================<br>Run time for packet processing was 0.994 seconds<br>
Snort processed 6 packets.<br>Snort ran for 0 days 0 hours 0 minutes 0 seconds<br>   Pkts/sec:            6<br>===============================================================================<br>Packet I/O Totals:<br>   Received:            6<br>
   Analyzed:            6 (100.000%)<br>    Dropped:            0 (  0.000%)<br>   Filtered:            0 (  0.000%)<br>Outstanding:            0 (  0.000%)<br>   Injected:            0<br>===============================================================================<br>
Breakdown by protocol (includes rebuilt packets):<br>        Eth:            6 (100.000%)<br>       VLAN:            0 (  0.000%)<br>        IP4:            6 (100.000%)<br>       Frag:            0 (  0.000%)<br>       ICMP:            0 (  0.000%)<br>
        UDP:            0 (  0.000%)<br>        TCP:            6 (100.000%)<br>        IP6:            0 (  0.000%)<br>    IP6 Ext:            0 (  0.000%)<br>   IP6 Opts:            0 (  0.000%)<br>      Frag6:            0 (  0.000%)<br>
      ICMP6:            0 (  0.000%)<br>       UDP6:            0 (  0.000%)<br>       TCP6:            0 (  0.000%)<br>     Teredo:            0 (  0.000%)<br>    ICMP-IP:            0 (  0.000%)<br>    IP4/IP4:            0 (  0.000%)<br>
    IP4/IP6:            0 (  0.000%)<br>    IP6/IP4:            0 (  0.000%)<br>    IP6/IP6:            0 (  0.000%)<br>        GRE:            0 (  0.000%)<br>    GRE Eth:            0 (  0.000%)<br>   GRE VLAN:            0 (  0.000%)<br>
    GRE IP4:            0 (  0.000%)<br>    GRE IP6:            0 (  0.000%)<br>GRE IP6 Ext:            0 (  0.000%)<br>   GRE PPTP:            0 (  0.000%)<br>    GRE ARP:            0 (  0.000%)<br>    GRE IPX:            0 (  0.000%)<br>
   GRE Loop:            0 (  0.000%)<br>       MPLS:            0 (  0.000%)<br>        ARP:            0 (  0.000%)<br>        IPX:            0 (  0.000%)<br>   Eth Loop:            0 (  0.000%)<br>   Eth Disc:            0 (  0.000%)<br>
   IP4 Disc:            0 (  0.000%)<br>   IP6 Disc:            0 (  0.000%)<br>   TCP Disc:            0 (  0.000%)<br>   UDP Disc:            0 (  0.000%)<br>  ICMP Disc:            0 (  0.000%)<br>All Discard:            0 (  0.000%)<br>
      Other:            0 (  0.000%)<br>Bad Chk Sum:            0 (  0.000%)<br>    Bad TTL:            0 (  0.000%)<br>     S5 G 1:            0 (  0.000%)<br>     S5 G 2:            0 (  0.000%)<br>      Total:            6<br>
===============================================================================<br>Action Stats:<br>     Alerts:            3 ( 50.000%)<br>     Logged:            3 ( 50.000%)<br>     Passed:            0 (  0.000%)<br>Limits:<br>
      Match:            0<br>      Queue:            0<br>        Log:            0<br>      Event:            0<br>      Alert:            0<br>Verdicts:<br>      Allow:            6 (100.000%)<br>      Block:            0 (  0.000%)<br>
    Replace:            0 (  0.000%)<br>  Whitelist:            0 (  0.000%)<br>  Blacklist:            0 (  0.000%)<br>     Ignore:            0 (  0.000%)<br>=============================<br></div>Snort exiting<br><br><br>
</div>Regards<br></div>
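A quick way to check a run like the one above is to parse Snort's own startup and summary lines rather than eyeballing them. The script below is an added example, not code from the poster or from the dpx package; it assumes only the message formats visible in the quoted output (the "Loading dynamic preprocessor library ... done", "Preprocessor Object:", "Snort processed N packets." and "Alerts:" lines), and the sample text is a constructed excerpt modelled on that output.

```python
import re

# Constructed excerpt modelled on the run output quoted in the post above.
SAMPLE_OUTPUT = """\
Running in IDS mode
  Loading dynamic preprocessor library lib/snort_dynamicpreprocessor/libdpx.so... done
4 Snort rules read
           Preprocessor Object: dpx  Version 1.6  <Build 1>
Commencing packet processing (pid=1753)
3    256    2    0
4    256    2    0
===============================================================================
Snort processed 6 packets.
Action Stats:
     Alerts:            3 ( 50.000%)
     Logged:            3 ( 50.000%)
Snort exiting
"""

_RE = {
    "libs_loaded": re.compile(r"Loading dynamic preprocessor library (\S+)\.\.\. done"),
    "preproc_objects": re.compile(r"Preprocessor Object:\s+(\S+)\s+Version\s+(\S+)"),
    "rules_read": re.compile(r"^(\d+) Snort rules read", re.M),
    "packets": re.compile(r"Snort processed (\d+) packets"),
    "alerts": re.compile(r"^\s*Alerts:\s+(\d+)", re.M),
}

def parse_snort_run(text):
    """Extract the facts that show whether a dynamic preprocessor was loaded and used."""
    def _int(key):
        m = _RE[key].search(text)
        return int(m.group(1)) if m else None
    # Lines printed between "Commencing packet processing" and the first "====" rule
    # are whatever ran during packet processing (in the post above: the dpx output).
    processing = re.search(r"Commencing packet processing[^\n]*\n(.*?)^=+", text, re.S | re.M)
    return {
        "libs_loaded": _RE["libs_loaded"].findall(text),
        "preproc_objects": dict(_RE["preproc_objects"].findall(text)),
        "rules_read": _int("rules_read"),
        "packets": _int("packets"),
        "alerts": _int("alerts"),
        "processing_lines": processing.group(1).splitlines() if processing else [],
    }

def preprocessor_ran(text, name="dpx"):
    """True if lib<name>.so loaded, registered as a Preprocessor Object, and packets were read."""
    r = parse_snort_run(text)
    loaded = any(lib.endswith(f"lib{name}.so") for lib in r["libs_loaded"])
    return loaded and name in r["preproc_objects"] and (r["packets"] or 0) > 0
```

Feed it the full captured stdout of ./test.sh; if `preprocessor_ran` is False, the library either did not load or never registered, and the `processing_lines` list shows what, if anything, was printed per packet.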