[Snort-users] how to update snort

Joel Esler jesler at ...1935...
Mon Nov 21 17:06:34 EST 2011


We recommend the use of PulledPork for rule management, and we write our detection with the features of pulledpork in mind.

J

On Nov 21, 2011, at 3:55 PM, codeforfun wrote:

> Where should i extract the snort-snapshot compressed file to?
> 
> I have downloaded the latest rule set from the website and now want to 
> update my local copy.
> 
> 
> codeforfun
> 
> 
> 
> 
> On 15/11/2011 23:02, acv wrote:
>> Hi,
>> 
>> Sounds like your wireless device does not support promiscuous mode. Try using
>> WinDump on the interface, if it fails to, you'll know that it's the hardware
>> (and/or drivers) and not snort.
>> 
>> Alex
>> 
>> On Tue, Nov 15, 2011 at 10:03:34PM +0000, codeforfun wrote:
>>> Date: Tue, 15 Nov 2011 22:03:34 +0000
>>> From: codeforfun<codeforfun at ...10619...>
>>> To: snort-users at lists.sourceforge.net
>>> Subject: [Snort-users] snort wireless card "ERROR: Can't start DAQ (-1) - ê!î???!"
>>> 
>>> I have installed snort and have it running fine with my wired interface.
>>> 
>>> But when i try to run snort with my wireless card i get this error
>>> "ERROR: Can't start DAQ (-1) - ê!î???!"
>>> 
>>> Could someone please help point me in the right direction?
>>> 
>>> 
>>> 
>>> Full Error Message:
>>> 
>>> Initializing Output Plugins!
>>> pcap DAQ configured to passive.
>>> Acquiring network traffic from
>>> "\Device\NPF_{########-####-####-############}".
>>> ERROR: Can't start DAQ (-1) - ê!î???!
>>> Fatal Error, Quitting..
>>> 
>>> 
>>> 
>>> Version information:
>>> 
>>> Snort Version 2.9.1.2-ODBC-MySQL-WIN32 IPv6 GRE (Build 84)
>>> Using PCRE version: 8.10 2010-06-25
>>> Using ZLIB version: 1.2.3
>>> WinPcap 4.1.2
>>> 
>>> 
>>> --
>>> codeforfun
>>> 
>>> ------------------------------------------------------------------------------
>>> RSA(R) Conference 2012
>>> Save $700 by Nov 18
>>> Register now
>>> http://p.sf.net/sfu/rsa-sfdev2dev1
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>> 
>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
> 
> 
> ------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure 
> contains a definitive record of customers, application performance, 
> security threats, fraudulent activity, and more. Splunk takes this 
> data and makes sense of it. IT sense. And common sense.
> http://p.sf.net/sfu/splunk-novd2d
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!





More information about the Snort-users mailing list