<div dir="ltr"><div>1.  There is a problem with your test.sh because your output starts with an error:<br><br>root@...3454...:/usr/src/dp# ./test.sh<br>./setup.sh: line 1: /root/snort: is a directory<br><br><br></div>2.  Did you build with --enable-debug --enable-debug-msgs ?<br>
<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Dec 14, 2013 at 2:35 AM, Amtul Saboor <span dir="ltr"><<a href="mailto:saboor.amtul@...2499..." target="_blank">saboor.amtul@...2499...</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>The reason that I think I am not doing it correctly is that in the README file in the SRC directory of DPX, the following lines are written:<br>
<br>"Test output:<br><br>dpx.c:86: registered<br>dpx.c:123: pod[0](test/snort.conf:3): port = 8<br>
dpx.c:159: pod[0]: initialized<br>dpx.c:123: pod[1](test/10.1.conf:2): port = 80<br>dpx.c:159: pod[1]: initialized<br>dpx.c:186: pod[1]: src = 12345, dst = 8<br>dpx.c:186: pod[1]: src = 8, dst = 12345<br>dpx.c:186: pod[1]: src = 12345, dst = 80<br>

3       256     2       0<br>dpx.c:186: pod[0]: src = 12345, dst = 8<br>4       256     2       0<br>dpx.c:186: pod[0]: src = 8, dst = 12345<br>5       256     1       0<br>dpx.c:186: pod[0]: src = 12345, dst = 80"<br>

<br></div>How can I get this output? I certainly do not get this output when I run the test.sh file (the output is displayed in the previous message). So what could be the possible issues? <br><br></div>Any help would be appreciated. <br>

<br>Thanks and regards<div><div class="h5"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Nov 27, 2013 at 10:16 PM, Amtul Saboor <span dir="ltr"><<a href="mailto:saboor.amtul@...2499..." target="_blank">saboor.amtul@...2499...</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><div>Hello,<br> <br></div>I need to verify if I am doing it 
correctly, because I don't think dpx.c is running the way it should. This
 is my output when I type ./test.sh :<br><br><br>root@...3454...:/usr/src/dpx-1.6# cd /usr/src/dp<br>
root@...3454...:/usr/src/dp# ./test.sh<br>./setup.sh: line 1: /root/snort: is a directory<br>Running in IDS mode<br><br>        --== Initializing Snort ==--<br>Initializing Output Plugins!<br>Initializing Preprocessors!<br>Initializing Plug-ins!<br>



Parsing Rules file "test/snort.conf"<br>Tagged Packet Limit: 256<br>Loading all dynamic preprocessor libs from lib/snort_dynamicpreprocessor...<br>  Loading dynamic preprocessor library lib/snort_dynamicpreprocessor/libdpx.so... done<br>



  Finished Loading all dynamic preprocessor libs from lib/snort_dynamicpreprocessor<br>Log directory = /var/log/snort<br><br>+++++++++++++++++++++++++++++++++++++++++++++++++++<br>Initializing rule chains...<br>4 Snort rules read<br>



    4 detection rules<br>    0 decoder rules<br>    0 preprocessor rules<br>2 Option Chains linked into 2 Chain Headers<br>0 Dynamic rules<br>+++++++++++++++++++++++++++++++++++++++++++++++++++<br><br>+-------------------[Rule Port Counts]---------------------------------------<br>



|             tcp     udp    icmp      ip<br>|     src       0       0       0       0<br>|     dst       0       0       0       0<br>|     any       4       0       0       0<br>|      nc       4       0       0       0<br>



|     s+d       0       0       0       0<br>+----------------------------------------------------------------------------<br><br>+-----------------------[detection-filter-config]------------------------------<br>| memory-cap : 1048576 bytes<br>



+-----------------------[detection-filter-rules]-------------------------------<br>| none<br>-------------------------------------------------------------------------------<br><br>+-----------------------[rate-filter-config]-----------------------------------<br>



| memory-cap : 1048576 bytes<br>+-----------------------[rate-filter-rules]------------------------------------<br>| none<br>-------------------------------------------------------------------------------<br><br>+-----------------------[event-filter-config]----------------------------------<br>



| memory-cap : 1048576 bytes<br>+-----------------------[event-filter-global]----------------------------------<br>+-----------------------[event-filter-local]-----------------------------------<br>| none<br>+-----------------------[suppression]------------------------------------------<br>



| none<br>-------------------------------------------------------------------------------<br>Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log<br>Verifying Preprocessor Configurations!<br>



<br>[ Port Based Pattern Matching Memory ]<br>pcap DAQ configured to read-file.<br>The DAQ version does not support reload.<br>Acquiring network traffic from "test/test.pcap".<br>Reload thread starting...<br>Reload thread started, thread 0xb6997b70 (1754)<br>



<br>        --== Initialization Complete ==--<br><br>   ,,_     -*> Snort! <*-<br>  o"  )~   Version 2.9.5.5 GRE (Build 205) <br>   ''''    By Martin Roesch & The Snort Team: <a href="http://www.snort.org/snort/snort-team" target="_blank">http://www.snort.org/snort/snort-team</a><br>



           Copyright (C) 1998-2013 Sourcefire, Inc., et al.<br>           Using libpcap version 1.0.0<br>           Using PCRE version: 7.8 2008-09-05<br>           Using ZLIB version: 1.2.3.3<br><br>           Preprocessor Object: dpx  Version 1.6  <Build 1><br>



Commencing packet processing (pid=1753)<br>3    256    2    0    <br>4    256    2    0    <br>5    256    1    0    <br>===============================================================================<br>Run time for packet processing was 0.994 seconds<br>



Snort processed 6 packets.<br>Snort ran for 0 days 0 hours 0 minutes 0 seconds<br>   Pkts/sec:            6<br>===============================================================================<br>Packet I/O Totals:<br>   Received:            6<br>



   Analyzed:            6 (100.000%)<br>    Dropped:            0 (  0.000%)<br>   Filtered:            0 (  0.000%)<br>Outstanding:            0 (  0.000%)<br>   Injected:            0<br>===============================================================================<br>



Breakdown by protocol (includes rebuilt packets):<br>        Eth:            6 (100.000%)<br>       VLAN:            0 (  0.000%)<br>        IP4:            6 (100.000%)<br>       Frag:            0 (  0.000%)<br>       ICMP:            0 (  0.000%)<br>



        UDP:            0 (  0.000%)<br>        TCP:            6 (100.000%)<br>        IP6:            0 (  0.000%)<br>    IP6 Ext:            0 (  0.000%)<br>   IP6 Opts:            0 (  0.000%)<br>      Frag6:            0 (  0.000%)<br>



      ICMP6:            0 (  0.000%)<br>       UDP6:            0 (  0.000%)<br>       TCP6:            0 (  0.000%)<br>     Teredo:            0 (  0.000%)<br>    ICMP-IP:            0 (  0.000%)<br>    IP4/IP4:            0 (  0.000%)<br>



    IP4/IP6:            0 (  0.000%)<br>    IP6/IP4:            0 (  0.000%)<br>    IP6/IP6:            0 (  0.000%)<br>        GRE:            0 (  0.000%)<br>    GRE Eth:            0 (  0.000%)<br>   GRE VLAN:            0 (  0.000%)<br>



    GRE IP4:            0 (  0.000%)<br>    GRE IP6:            0 (  0.000%)<br>GRE IP6 Ext:            0 (  0.000%)<br>   GRE PPTP:            0 (  0.000%)<br>    GRE ARP:            0 (  0.000%)<br>    GRE IPX:            0 (  0.000%)<br>



   GRE Loop:            0 (  0.000%)<br>       MPLS:            0 (  0.000%)<br>        ARP:            0 (  0.000%)<br>        IPX:            0 (  0.000%)<br>   Eth Loop:            0 (  0.000%)<br>   Eth Disc:            0 (  0.000%)<br>



   IP4 Disc:            0 (  0.000%)<br>   IP6 Disc:            0 (  0.000%)<br>   TCP Disc:            0 (  0.000%)<br>   UDP Disc:            0 (  0.000%)<br>  ICMP Disc:            0 (  0.000%)<br>All Discard:            0 (  0.000%)<br>



      Other:            0 (  0.000%)<br>Bad Chk Sum:            0 (  0.000%)<br>    Bad TTL:            0 (  0.000%)<br>     S5 G 1:            0 (  0.000%)<br>     S5 G 2:            0 (  0.000%)<br>      Total:            6<br>



===============================================================================<br>Action Stats:<br>     Alerts:            3 ( 50.000%)<br>     Logged:            3 ( 50.000%)<br>     Passed:            0 (  0.000%)<br>


Limits:<br>
      Match:            0<br>      Queue:            0<br>        Log:            0<br>      Event:            0<br>      Alert:            0<br>Verdicts:<br>      Allow:            6 (100.000%)<br>      Block:            0 (  0.000%)<br>



    Replace:            0 (  0.000%)<br>  Whitelist:            0 (  0.000%)<br>  Blacklist:            0 (  0.000%)<br>     Ignore:            0 (  0.000%)<br>=============================<br></div>Snort exiting<br><br>


<br>
</div>Regards<span><font color="#888888"><br>-- <br><div dir="ltr"><i><br></i><div><div>Amtul <br></div></div></div><div dir="ltr"><i><br></i><br></div></font></span></div></blockquote></div>
</div></div></div></div>
</blockquote></div><br></div>