[Snort-users] Are the rules not being read?

Joel Esler jesler at ...1935...
Mon Apr 26 07:49:19 EDT 2010

Are you trying to generate the traffic on the same machine you are  
sniffing on?

Joel Esler
Sent from my iPhone

On Apr 26, 2010, at 3:18 AM, Eric Zheng <zhengeric at ...125...> wrote:

> I have set up snort successfully and I can get it to read pings to  
> websites and scan packets.  However, I am testing out the chat rules  
> which should trigger an alert whenever I sign onto MSN or Yahoo but  
> it does not seem to do anything whenever I sign in and talk to  
> people.  I have it enabled in snort.conf (took away the # sign) and  
> see that chat.rules is in the rules directory.  Anyone know any  
> possible causes of this?  Thank you.
> PS:  I'm also getting a lot of 1384 "malformed advertisement" alerts  
> which I believe to be false positives.  Any way to correct this?   
> Thanks.
> The New Busy is not the too busy. Combine all your e-mail accounts  
> with Hotmail. Get busy.
> --- 
> --- 
> --- 
> ---------------------------------------------------------------------
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100426/2e0071f9/attachment.html>

More information about the Snort-users mailing list