[Snort-users] snort and acid - Traffic Profile by Protocol doesnt update correctly

John Oost johnoost at ...125...
Sat Sep 11 03:47:03 EDT 2004


Thanks for the reply. If that's the case then it doesn't work. The output 
from snort -v doesn't match the traffic bars in Acid. It seems it just 
doesn't update the traffic stats correctly. I already tried disabling the 
caching of IE but that didn't work either. Any ideas?


>From: "Harper, Patrick" <patrick.harper at ...11593...>
>To: "John Oost" <johnoost at ...125...>,<snort-users at lists.sourceforge.net>
>Subject: RE: [Snort-users] snort and acid - Traffic Profile by Protocol 
>doesnt update correctly
>Date: Sat, 11 Sep 2004 05:26:39 -0500
>
>That is just the traffic that snort saw.  If it matches any rule it gets
>put in the alert file and sent to whatever your output option is set
>for, in your case the mysql database.  If you want to make sure you're
>getting alerts, scan it with one of the scanners I have listed at the
>bottom of that paper.
>
>
>-----Original Message-----
>From: John Oost [mailto:johnoost at ...125...]
>Sent: Saturday, September 11, 2004 2:31 AM
>To: snort-users at lists.sourceforge.net
>Subject: [Snort-users] snort and acid - Traffic Profile by Protocol
>doesnt update correctly
>
>Hi All,
>
>I just installed snort and acid for the first time and quickly read
>through the manuals. I installed snort and Acid on Redhat 9 using
>Patrick Harper's installation guide. Everything seems to work fine
>except for the "Traffic Profile by Protocol" display of acid. This
>display just doesn't seem to update every time. When I run snort -v and
>press ctrl-c after a while it tells me that 99% of the traffic was tcp.
>The display in Acid displays 79% udp and 3% tcp. Is this display
>supposed to show the traffic that snort has "sniffed" or the traffic
>that was identified as "bad"? If it's the first, is this a known error?
>
>Best regards,
>
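Added example, not part of the original thread: a small Python model of the distinction drawn in the quoted reply, comparing the protocol mix of everything a sensor sniffs with the protocol mix of the alerts that reach its database. The packet list and the toy rule are constructed, and the two-table layout (`event`, `iphdr`) is a cut-down stand-in assumed here for the sensor's output database.

```python
import sqlite3
from collections import Counter

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

# Constructed sample: (ip_proto, dst_port) for every packet the sensor sniffed.
SNIFFED = [(6, 80)] * 990 + [(17, 1434)] * 8 + [(6, 23)] * 1 + [(1, 0)] * 1

def rule_matches(proto, dport):
    """Toy stand-in for a ruleset: alert on UDP/1434 and TCP/23 only."""
    return (proto, dport) in {(17, 1434), (6, 23)}

def percentages(counter):
    """Turn per-protocol counts into whole-number percentages."""
    total = sum(counter.values())
    return {PROTO_NAMES[p]: round(100 * n / total) for p, n in counter.items()}

def sniffed_profile(packets):
    """Protocol mix of all traffic seen, like the summary snort -v prints."""
    return percentages(Counter(proto for proto, _ in packets))

def load_alerts(packets):
    """Only packets that match a rule are written to the output database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE event (sid INT, cid INT, signature INT)")
    db.execute("CREATE TABLE iphdr (sid INT, cid INT, ip_proto INT)")
    cid = 0
    for proto, dport in packets:
        if rule_matches(proto, dport):
            cid += 1
            db.execute("INSERT INTO event VALUES (1, ?, 1)", (cid,))
            db.execute("INSERT INTO iphdr VALUES (1, ?, ?)", (cid, proto))
    return db

def alert_profile(db):
    """Protocol mix of stored alerts, which is all a database front end can see."""
    rows = db.execute(
        "SELECT i.ip_proto, COUNT(*) FROM event e "
        "JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid "
        "GROUP BY i.ip_proto").fetchall()
    return percentages(Counter(dict(rows)))

if __name__ == "__main__":
    print("sniffed:", sniffed_profile(SNIFFED))
    print("alerts: ", alert_profile(load_alerts(SNIFFED)))
```

With this sample the sniffed traffic is almost entirely TCP while the stored alerts are mostly UDP, so the two figures are not expected to agree.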