[Snort-users] HELP!!! HELP!!! HELP!!!

Michael Steele michaels at ...9077...
Fri Nov 12 19:07:05 EST 2004


He's having a pcap problem. Go get the docs and start over with a new
install; who knows what you may have done.

Kindest regards, 
Michael...

WINSNORT.com Management Team Member
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support at ...9077...
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org



> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Matthew K. Lee
> Sent: Friday, November 12, 2004 6:42 AM
> To: Jeremiah J Batac
> Cc: snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] HELP!!! HELP!!! HELP!!!
> 
> Jeremiah,
> 
> I think you may be missing your Unicode.map file.  Try to place that
> file where it needs to be.  If that doesn't work, you might try to
> comment out the http_inspect lines to see if you have a configuration
> problem there.  If that still doesn't work, you may want to post your
> snort.conf file to the list.
> 
> Thanks,
> 
> Matt
> 
> -----Original Message-----
> From: Jeremiah J Batac [mailto:jjbatac at ...131...]
> Sent: Friday, November 12, 2004 6:28 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] HELP!!! HELP!!! HELP!!!
> 
> Hello Snort users, I'm a newbie in the IDS field. I'm
> trying my best to make this Snort thing work in
> Windows XP. I'm so frustrated because after downloading
> tons of documents to help me set it up, I tried all
> their steps and guess what, it's partially working...
> Can somebody be kind enough to walk me through making it
> work? The current software I have to install Snort
> right now is the following...
> 
> acid
> adodb
> dbtools
> libnet-1.0.2f
> packetbuild-1.4
> php-4.3.9-win32
> phplot-4.4.6
> application_service
> mysqlsetup
> snort-2_1_0
> winpcap_3_0
> 
> 
> I already tried to install and follow the steps 5 times
> and unfortunately I just get up to this point:
> 
> 
> C:\Snort>snort
> Running in IDS mode with inferred config file: ./snort.conf
> Log directory = log
> 
> Initializing Network Interface \Device\NPF_{3A842A08-FAFC-4986-A869-4AB8B6C9DD67}
> 
>         --== Initializing Snort ==--
> Initializing Output Plugins!
> Decoding Ethernet on interface \Device\NPF_{3A842A08-FAFC-4986-A869-4AB8B6C9DD67}
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file ./snort.conf
> 
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> ,-----------[Flow Config]----------------------
> | Stats Interval:  0
> | Hash Method:     2
> | Memcap:          10485760
> | Rows  :          4099
> | Overhead Bytes:  16400(%0.16)
> `----------------------------------------------
> No arguments to frag2 directive, setting defaults to:
>     Fragment timeout: 60 seconds
>     Fragment memory cap: 4194304 bytes
>     Fragment min_ttl:   0
>     Fragment ttl_limit: 5
>     Fragment Problems: 0
>     Self preservation threshold: 500
>     Self preservation period: 90
>     Suspend threshold: 1000
>     Suspend period: 30
> Stream4 config:
>     Stateful inspection: ACTIVE
>     Session statistics: INACTIVE
>     Session timeout: 30 seconds
>     Session memory cap: 8388608 bytes
>     State alerts: INACTIVE
>     Evasion alerts: INACTIVE
>     Scan alerts: INACTIVE
>     Log Flushed Streams: INACTIVE
>     MinTTL: 1
>     TTL Limit: 5
>     Async Link: 0
>     State Protection: 0
>     Self preservation threshold: 50
>     Self preservation period: 90
>     Suspend threshold: 200
>     Suspend period: 30
> Stream4_reassemble config:
>     Server reassembly: INACTIVE
>     Client reassembly: ACTIVE
>     Reassembler alerts: ACTIVE
>     Zero out flushed packets: INACTIVE
>     flush_data_diff_size: 500
>     Ports: 21 23 25 53 80 110 111 143 513 1433
>     Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
> ERROR: ./snort.conf(287) => Invalid file name for IIS Unicode Map file.
> Fatal Error, Quitting..
> 
> C:\Snort>
> 
> Hope this will help. Like you, I would like to be a
> pioneer on this OpenSource IDS. Help is much
> appreciated. Thank you very much.
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
More information about the Snort-users mailing list
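
The check suggested in the thread (confirm that the file named by the `iis_unicode_map` option in snort.conf is actually present) can be scripted. This is an added example, not code from the thread or from Snort: a Python script that finds active `http_inspect` directives, reports the line number the way the error message does, and tests whether the map file exists. The sample config, the function names, and resolving relative paths against a caller-supplied directory are assumptions.

```python
import os
import re
import tempfile

# Matches "iis_unicode_map <file> <codepage>" inside an http_inspect directive.
MAP_RE = re.compile(r"\biis_unicode_map\s+(\S+)\s+(\d+)")

def logical_lines(text):
    """Yield (first_line_no, joined_line), folding backslash continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def check_unicode_map(conf_text, base_dir):
    """Return (line_no, file, codepage, exists) for each active iis_unicode_map."""
    findings = []
    for no, line in logical_lines(conf_text):
        stripped = line.strip()
        # Lines commented out with '#' do not start with the keyword and are skipped.
        if not stripped.startswith("preprocessor http_inspect"):
            continue
        m = MAP_RE.search(stripped)
        if m:
            path = os.path.join(base_dir, m.group(1))  # assumed lookup directory
            findings.append((no, m.group(1), int(m.group(2)), os.path.isfile(path)))
    return findings

# Constructed sample, not the poster's snort.conf (which was never posted).
SAMPLE_CONF = """\
var HOME_NET any
# preprocessor http_inspect: global iis_unicode_map old.map 437
preprocessor http_inspect: global \\
    iis_unicode_map unicode.map 1252
preprocessor http_inspect_server: server default profile all ports { 80 }
"""

def demo():
    with tempfile.TemporaryDirectory() as d:
        before = check_unicode_map(SAMPLE_CONF, d)      # map file absent
        open(os.path.join(d, "unicode.map"), "w").close()
        after = check_unicode_map(SAMPLE_CONF, d)       # map file in place
    return before, after
```

Against a real install, pass the contents of snort.conf and the directory Snort is started from (C:\Snort in the session above); any finding whose last field is `False` points at a directive that will stop Snort at startup.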