[Snort-users] Snort 1.9.0beta5

Gray . Brendan bgray2 at ...3738...
Fri Aug 16 08:21:02 EDT 2002

Incidentally, I'm trying 1.9.0beta5, and was still having the problem with
my eth0 interface dropping out of promisc mode right after going into
promisc mode.  Only this time I saw an error message in my messages file
complaining of an obsolete (PF_INET,SOCK_PACKET) so I upgraded my libpcap
from 0.6 to 0.7 and now it works ok.  

Aug 15 17:24:59 testbox kernel: snort uses obsolete (PF_INET,SOCK_PACKET)

Incidentally, Snortsnarf won't work on the alert file for snort-1.9.  The
format differs.


-----Original Message-----
From: Chris Green [mailto:cmg at ...1935...]
Sent: Wednesday, August 14, 2002 8:31 PM
To: snort-users; snort-devel; snort-announce
Subject: [Snort-users] Snort 1.9.0beta5


* uri_count bug fixed ( caused wrong alert to be generated occasionally
  for http traffic )

* -R flag for pid file ids ( Phil Wood )

* preprocessor conversation: allowed_ip_protocols 1 6 17,

(cause snort to alert on ip protocols that you didn't allow)

Please test this out as much as you can.  This is incredibly stable
and lots of outstanding bugs have been hammered out recently ( bugs
that even affect 1.8.7 )

Unix Users:

I need packet statistics of larger networks so we can help create a
local testing suite for different types of network environments so we
can help make snort better.

If you can please help us out by mailing me privately the following

1) ./configure --enable-perfmonitor
2) save the attached perftest.conf to the snort/etc directory
3) from the snort directory
    src/snort -c etc/perftest.conf -A none -N  \
             -l /tmp 2>&1 | tee perfmonitor-30sec.txt

Email me perfmonitor-30sec.txt with a small description of your

- network link type ( 10/100/GigE ) (tap/monitor port/hub)
- network connection rate ( 1.5Mbit/45Mbit/155Mbit..)
- number of hosts
- average network speed

I won't send these out to anyone nor identify you aside from saying
thanks to you :)  Thanks to everyone on snort-devel that has already
sent me statistics.

The windows implementation is being thought about a bit more and
should be included with the next beta.

now that you've read that...

Here's the URLs so you can wget:

Chris Green <cmg at ...1935...>
Laugh and the world laughs with you, snore and you sleep alone.
