[Snort-users] win32 version1.6.3 install

Michael Davis mike at ...92...
Fri Jan 19 16:00:26 EST 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> D:\snort-1.6.3\Binary>snort.exe -A fast -C
> d:\snort-1.6.3\snort.rules -h 209.66.77.0/28 -o -v -l c:\temp\log

Don't you mean -c  d:\snort-1.6.3\snort.rules  ?

Michael Davis
Chief Technical Officer
Data Nerds, LLC.
http://www.datanerds.net
> What am I doing wrong?
> 
> Don
> 
> > -----Original Message-----
> > From: snort-users-admin at lists.sourceforge.net
> > [mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Todd
> > Ransom Sent: Friday, January 19, 2001 8:59 AM
> > To: 'Martin Roesch'; Todd Ransom
> > Cc: Snort-Users (E-mail)
> > Subject: RE: [Snort-users] snort 1.7 on OpenBSD and null header
> > length 
> >
> >
> > I'm listening on tun0 (PPPoE).  What the heck is a NULL
> > interface? 
> >
> > TR
> >
> > -----Original Message-----
> > From: Martin Roesch [mailto:roesch at ...421...]
> > Sent: Thursday, January 18, 2001 1:48 AM
> > To: Todd Ransom
> > Cc: Snort-Users (E-mail)
> > Subject: Re: [Snort-users] snort 1.7 on OpenBSD and null header
> > length 
> >
> >
> > The header length for the NULL interface that you're listening on
> > is less than 4 bytes.  You can turn off this message by simply
> > editing the DecodeNullPkt() function in decode.c and commenting
> > out the ErrorMessage call at the bottom of the function.  I'm
> > going to put a patch into the program that will only allow this
> > message to be sent when the -v flag is set.
> >
> >    -Marty
> >
> > Todd Ransom wrote:
> > >
> > > Can anyone tell me what this means?
> > >
> > > Jan 14 21:47:38 heimdall snort: NULL header length < captured
> > > len! (0 
> > bytes)
> > > Jan 14 21:48:08 heimdall last message repeated 22546 times
> > > Jan 14 21:50:09 heimdall last message repeated 86796 times
> > > Jan 14 22:00:10 heimdall last message repeated 422193 times
> > > Jan 14 22:10:12 heimdall last message repeated 425756 times
> > > Jan 14 22:20:12 heimdall last message repeated 418332 times
> > > Jan 14 22:30:13 heimdall last message repeated 421912 times
> > > Jan 14 22:40:14 heimdall last message repeated 421058 times
> > > Jan 14 22:50:15 heimdall last message repeated 420325 times
> > > Jan 14 23:00:17 heimdall last message repeated 419379 times
> > > Jan 14 23:10:18 heimdall last message repeated 425026 times
> > > Jan 14 23:20:18 heimdall last message repeated 422251 times
> > > Jan 14 23:30:19 heimdall last message repeated 424315 times
> > > Jan 14 23:40:20 heimdall last message repeated 409748 times
> > > Jan 14 23:50:21 heimdall last message repeated 408098 times
> > > Jan 15 00:00:22 heimdall last message repeated 409798 times
> > > Jan 15 00:10:23 heimdall last message repeated 421125 times
> > > [and on and on]
> > >
> > > TR
> > >
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > Go to this URL to change user options or unsubscribe:
> > > http://lists.sourceforge.net/lists/listinfo/snort-users
> >
> > --
> > Martin Roesch
> > roesch at ...421...
> > http://www.snort.org
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
> >
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOmiq6PiUqZ9dnoKsEQIT0wCdGF4uRTmNFGFkMYXrV7nIZFPJiokAoL4M
zZeNtC7HcEmJ7Pu/c+HqBZL/
=pTf/
-----END PGP SIGNATURE-----






More information about the Snort-users mailing list