[Snort-users] win32 version1.6.3 install

Don Pierce don at ...1157...
Fri Jan 19 14:15:49 EST 2001


I seem to be unable to start snort1.6.3 on my  NT4 machine.
I have installed packetpusher and
downloded the win32 binaries but when I attempt to start it
i get the following message:

need to tell me to do something

Here is my command line:

D:\snort-1.6.3\Binary>snort.exe -A fast -C d:\snort-1.6.3\snort.rules -h
209.66.77.0/28 -o -v -l c:\temp\log

What am I doing wrong?

Don

> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Todd Ransom
> Sent: Friday, January 19, 2001 8:59 AM
> To: 'Martin Roesch'; Todd Ransom
> Cc: Snort-Users (E-mail)
> Subject: RE: [Snort-users] snort 1.7 on OpenBSD and null header length
>
>
> I'm listening on tun0 (PPPoE).  What the heck is a NULL interface?
>
> TR
>
> -----Original Message-----
> From: Martin Roesch [mailto:roesch at ...421...]
> Sent: Thursday, January 18, 2001 1:48 AM
> To: Todd Ransom
> Cc: Snort-Users (E-mail)
> Subject: Re: [Snort-users] snort 1.7 on OpenBSD and null header length
>
>
> The header length for the NULL interface that you're listening on is
> less than 4 bytes.  You can turn off this message by simply editing the
> DecodeNullPkt() function in decode.c and commenting out the ErrorMessage
> call at the bottom of the function.  I'm going to put a patch into the
> program that will only allow this message to be sent when the -v flag is
> set.
>
>    -Marty
>
> Todd Ransom wrote:
> >
> > Can anyone tell me what this means?
> >
> > Jan 14 21:47:38 heimdall snort: NULL header length < captured len! (0
> bytes)
> > Jan 14 21:48:08 heimdall last message repeated 22546 times
> > Jan 14 21:50:09 heimdall last message repeated 86796 times
> > Jan 14 22:00:10 heimdall last message repeated 422193 times
> > Jan 14 22:10:12 heimdall last message repeated 425756 times
> > Jan 14 22:20:12 heimdall last message repeated 418332 times
> > Jan 14 22:30:13 heimdall last message repeated 421912 times
> > Jan 14 22:40:14 heimdall last message repeated 421058 times
> > Jan 14 22:50:15 heimdall last message repeated 420325 times
> > Jan 14 23:00:17 heimdall last message repeated 419379 times
> > Jan 14 23:10:18 heimdall last message repeated 425026 times
> > Jan 14 23:20:18 heimdall last message repeated 422251 times
> > Jan 14 23:30:19 heimdall last message repeated 424315 times
> > Jan 14 23:40:20 heimdall last message repeated 409748 times
> > Jan 14 23:50:21 heimdall last message repeated 408098 times
> > Jan 15 00:00:22 heimdall last message repeated 409798 times
> > Jan 15 00:10:23 heimdall last message repeated 421125 times
> > [and on and on]
> >
> > TR
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
>
> --
> Martin Roesch
> roesch at ...421...
> http://www.snort.org
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
>





More information about the Snort-users mailing list