[Snort-users] Token ring support of snort

Martin Roesch roesch at ...1935...
Thu Nov 1 07:01:05 EST 2001


Is that the right interface name for the T/R interface?  To get a list
of the interfaces that are available run 'snort -W', then set the
sniffing interface with 'snort -i <intf>'

     -Marty

bulent_sahin at ...3967... wrote:
> 
> Hi,
> 
> Does anybody know about token ring support of snort?A few days ago I
> installed snort on my computer, but when I try "snort -v" it assumes
> that all packets are ethernet packets.  Winpcap and ethereal works
> fine. I  pasted "snort -v" output below.
> 
> C:\Downloads\Snort-1.8.1-win32-static\Snort-1.8.1-win32\snort -v
> Log directory =
> 
>         --== Initializing Snort ==--
> 
> Initializing Network Interface \
> Decoding Ethernet on interface \Device\Packet_MDGNDIS41
> 
>         --== Initialization Complete ==--
> 
> -*> Snort! <*-
> Version 1.8-WIN32 (Build 74)
> By Martin Roesch (roesch at ...1935..., www.snort.org)
> 1.7-WIN32 Port By Michael Davis (mike at ...92..., ww
> 1.8-WIN32 Port By Chris Reid (chris.reid at ...3968...
>           (based on code from 1.7 port)
> 
> =======================================================
> Snort analyzed 1312 out of 1312 packets, dropping 0(0.0
> 
> Breakdown by protocol:                Action Stats:
>     TCP: 0          (0.000%)          ALERTS: 0
>     UDP: 0          (0.000%)          LOGGED: 0
>    ICMP: 0          (0.000%)          PASSED: 0
>     ARP: 0          (0.000%)
>    IPv6: 0          (0.000%)
>     IPX: 0          (0.000%)
>   OTHER: 1311       (99.924%)
> DISCARD: 0          (0.000%)
> =======================================================
> Fragmentation Stats:
> Fragmented IP Packets: 0          (0.000%)
>     Fragment Trackers: 0
>    Rebuilt IP Packets: 0
>    Frag elements used: 0
> Discarded(incomplete): 0
>    Discarded(timeout): 0
>   Frag2 memory faults: 0
> =======================================================
> TCP Stream Reassembly Stats:
>         TCP Packets Used: 0          (0.000%)
>          Stream Trackers: 0
>           Stream flushes: 0
>            Segments used: 0
>    Stream4 Memory Faults: 0
> =======================================================
> pcap_loop: read error: PacketReceivePacket failedpcap_s
> r
> Snort received signal 3, exiting
> 
> Thanks,
> Bulent

--
Martin Roesch - President, Sourcefire Inc. - (410)552-6999
roesch at ...1935... - http://www.sourcefire.com  
Snort: Open Source Network IDS - http://www.snort.org




More information about the Snort-users mailing list