[Snort-users] HELP!!! HELP!!! HELP!!!

Theodore Stout theodorestout at ...131...
Fri Nov 12 08:14:02 EST 2004


Yo hommmie, The Pig likes Fedora Core 2 or OpenBSD.

Do not install on XP. Repeat, do not install on
anything related to Microsoft.

Of course you are frustrated.  If I did it on XP, I
would just about go crazy too.

Get a good Snort book or use Patrick Harper's
materials and just install it as he says.  It took me
about 2 weeks to get it right the first time but now I
can install it in about 2 hours.

Theo

--- Jeremiah J Batac <jjbatac at ...131...> wrote:

> Hello Snort users, I'm a newbie in the IDS field.
> I'm trying my best to make this Snort thing work in
> Windows XP. I'm so frustrated because after downloading
> tons of documents to help me set it up, I tried all
> their steps and guess what, it's partially working...
> Can somebody be kind enough to walk me through making
> it work? The software I currently have to install
> Snort is the following...
> 
> acid
> adodb
> dbtools
> libnet-1.0.2f
> packetbuild-1.4
> php-4.3.9-win32
> phplot-4.4.6
> application_service
> mysqlsetup
> snort-2_1_0
> winpcap_3_0
> 
> 
> I already tried to install and follow the steps
> 5 times and unfortunately I only get up to this point:
> 
> 
> C:\Snort>snort
> Running in IDS mode with inferred config file: ./snort.conf
> Log directory = log
> 
> Initializing Network Interface \Device\NPF_{3A842A08-FAFC-4986-A869-4AB8B6C9DD67}
> 
>         --== Initializing Snort ==--
> Initializing Output Plugins!
> Decoding Ethernet on interface \Device\NPF_{3A842A08-FAFC-4986-A869-4AB8B6C9DD67}
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file ./snort.conf
> 
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> ,-----------[Flow Config]----------------------
> | Stats Interval:  0
> | Hash Method:     2
> | Memcap:          10485760
> | Rows  :          4099
> | Overhead Bytes:  16400(%0.16)
> `----------------------------------------------
> No arguments to frag2 directive, setting defaults to:
>     Fragment timeout: 60 seconds
>     Fragment memory cap: 4194304 bytes
>     Fragment min_ttl:   0
>     Fragment ttl_limit: 5
>     Fragment Problems: 0
>     Self preservation threshold: 500
>     Self preservation period: 90
>     Suspend threshold: 1000
>     Suspend period: 30
> Stream4 config:
>     Stateful inspection: ACTIVE
>     Session statistics: INACTIVE
>     Session timeout: 30 seconds
>     Session memory cap: 8388608 bytes
>     State alerts: INACTIVE
>     Evasion alerts: INACTIVE
>     Scan alerts: INACTIVE
>     Log Flushed Streams: INACTIVE
>     MinTTL: 1
>     TTL Limit: 5
>     Async Link: 0
>     State Protection: 0
>     Self preservation threshold: 50
>     Self preservation period: 90
>     Suspend threshold: 200
>     Suspend period: 30
> Stream4_reassemble config:
>     Server reassembly: INACTIVE
>     Client reassembly: ACTIVE
>     Reassembler alerts: ACTIVE
>     Zero out flushed packets: INACTIVE
>     flush_data_diff_size: 500
>     Ports: 21 23 25 53 80 110 111 143 513 1433
>     Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
> ERROR: ./snort.conf(287) => Invalid file name for IIS Unicode Map file.
> Fatal Error, Quitting..
> 
> C:\Snort>
> 
> Hope this will help. Like you, I would like to be a
> pioneer on this open source IDS. Help is much
> appreciated. Thank you very much.