[Snort-users] Upgrade from 2.5.8.1 to 2.8.6 and no alerts!

Ryan Jordan ryan.jordan at ...1935...
Tue Apr 27 13:48:25 EDT 2010


98% of your traffic has invalid checksums. Snort discards this traffic
unless you run with "-k none" in your command-line options.

On Tue, Apr 27, 2010 at 1:29 PM, Chambers, Richard A.
(LARC-B703)[RAYTHEON TECHNICAL SERVICES COMPANY]
<richard.a.chambers at ...57...> wrote:
> Guys,
>   Currently running version 2.8.5.1 with no issues.  Got the source code today for 2.8.6 - configed/compiled as before but seem to be having issues.  It launches with no errors but doesn't generate any alerts:
>
> Apr 27 13:14:18 feign snort[14491]: Packet Wire Totals:
> Apr 27 13:14:18 feign snort[14491]:    Received:      5887624
> Apr 27 13:14:18 feign snort[14491]:    Analyzed:      5825494 (98.945%)
> Apr 27 13:14:18 feign snort[14491]:     Dropped:        62115 (1.055%)
> Apr 27 13:14:18 feign snort[14491]: Outstanding:           15 (0.000%)
> Apr 27 13:14:18 feign snort[14491]: ===============================================================================
> Apr 27 13:14:18 feign snort[14491]: Breakdown by protocol (includes rebuilt packets):
> Apr 27 13:14:18 feign snort[14491]:       ETH: 5825642    (100.000%)
> Apr 27 13:14:18 feign snort[14491]:   ETHdisc: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]:      VLAN: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]:      IPV6: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]:   IP6 EXT: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]:   IP6opts: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]:   IP6disc: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]:       IP4: 5825642    (100.000%)
> Apr 27 13:14:18 feign snort[14491]:   IP4disc: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]:     TCP 6: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]:     UDP 6: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]:     ICMP6: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]:   ICMP-IP: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]:       TCP: 5715187    (98.104%)
> Apr 27 13:14:18 feign snort[14491]:       UDP: 97763      (1.678%)
> Apr 27 13:14:18 feign snort[14491]:      ICMP: 3409       (0.059%)
> Apr 27 13:14:18 feign snort[14491]:   TCPdisc: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]:   UDPdisc: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]:   ICMPdis: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]:      FRAG: 296        (0.005%)
> Apr 27 13:14:18 feign snort[14491]:    FRAG 6: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]:       ARP: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]:     EAPOL: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]:   ETHLOOP: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]:       IPX: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]:     OTHER: 8999       (0.154%)
> Apr 27 13:14:18 feign snort[14491]:   DISCARD: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]: InvChkSum: 5715187    (98.104%)
> Apr 27 13:14:18 feign snort[14491]:    S5 G 1: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]:    S5 G 2: 0          (0.000%)
> Apr 27 13:14:18 feign snort[14491]:     Total: 5825642
> Apr 27 13:14:18 feign snort[14491]: ===============================================================================
> Apr 27 13:14:18 feign snort[14491]: Action Stats:
> Apr 27 13:14:18 feign snort[14491]: ALERTS: 0
> Apr 27 13:14:18 feign snort[14491]: LOGGED: 0
> Apr 27 13:14:18 feign snort[14491]: PASSED: 5262
> Apr 27 13:14:18 feign snort[14491]: ===============================================================================
> Apr 27 13:14:18 feign snort[14491]: Frag3 statistics:
> Apr 27 13:14:18 feign snort[14491]:         Total Fragments: 296
> Apr 27 13:14:18 feign snort[14491]:       Frags Reassembled: 148
> Apr 27 13:14:18 feign snort[14491]:                Discards: 0
> Apr 27 13:14:18 feign snort[14491]:           Memory Faults: 0
> Apr 27 13:14:18 feign snort[14491]:                Timeouts: 0
> Apr 27 13:14:18 feign snort[14491]:                Overlaps: 0
> Apr 27 13:14:18 feign snort[14491]:               Anomalies: 0
> Apr 27 13:14:18 feign snort[14491]:                  Alerts: 0
> Apr 27 13:14:18 feign snort[14491]:                   Drops: 0
> Apr 27 13:14:18 feign snort[14491]:      FragTrackers Added: 148
> Apr 27 13:14:18 feign snort[14491]:     FragTrackers Dumped: 148
> Apr 27 13:14:18 feign snort[14491]: FragTrackers Auto Freed: 0
>
> Any thoughts?
>
> Thanks
>
> Richard A. Chambers
> IT Security
> Raytheon, ConITS
> Richard.A.Chambers at ...57...
> 757-864-5080
> ----
> IT Security
> itsecurity at ...4552...
> 757-864-4200
>
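The check described in the reply, as an added example that is not part of the original thread: it parses Snort's exit statistics from syslog lines and flags the case where most packets fail checksum verification while no alerts fire. The sample lines are copied from the quoted log; the function names and the 0.5 threshold are assumptions chosen for illustration.

```python
import re

# Subset of the statistics quoted in the thread above.
SAMPLE = """\
Apr 27 13:14:18 feign snort[14491]:       IP4: 5825642    (100.000%)
Apr 27 13:14:18 feign snort[14491]:       TCP: 5715187    (98.104%)
Apr 27 13:14:18 feign snort[14491]:       UDP: 97763      (1.678%)
Apr 27 13:14:18 feign snort[14491]: InvChkSum: 5715187    (98.104%)
Apr 27 13:14:18 feign snort[14491]:     Total: 5825642
Apr 27 13:14:18 feign snort[14491]: ALERTS: 0
Apr 27 13:14:18 feign snort[14491]: LOGGED: 0
Apr 27 13:14:18 feign snort[14491]: PASSED: 5262
"""

# "<syslog prefix> snort[pid]: <counter name>: <integer> [(pct%)]"
LINE = re.compile(
    r"snort\[\d+\]:\s*(?P<name>[A-Za-z0-9][A-Za-z0-9 _-]*?):\s+(?P<value>\d+)\b"
)


def parse_counters(text):
    """Return {counter name: value}, keeping the first occurrence of a name."""
    counters = {}
    for line in text.splitlines():
        m = LINE.search(line)  # search() also tolerates a leading "> " quote
        if m:
            counters.setdefault(m.group("name"), int(m.group("value")))
    return counters


def checksum_blindness(counters, threshold=0.5):
    """Flag a sensor that is discarding most traffic on checksum grounds.

    threshold is an assumed cut-off, not a Snort default.
    """
    total = counters.get("Total", 0)
    bad = counters.get("InvChkSum", 0)
    ratio = bad / total if total else 0.0
    return {
        "ratio": ratio,
        # In the quoted log InvChkSum equals the TCP count exactly.
        "all_tcp_bad": bad > 0 and bad == counters.get("TCP"),
        # High invalid-checksum share plus zero alerts: review the -k setting.
        "suspect": ratio >= threshold and counters.get("ALERTS", 0) == 0,
    }


if __name__ == "__main__":
    print(checksum_blindness(parse_counters(SAMPLE)))
```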



