[Snort-users] installation problem

Deepika p dgpks1 at ...11827...
Thu Jun 21 09:39:03 EDT 2012


Sir,
  We have chosen a project on Snort, but the installation itself became a big
problem. We have chosen the Windows operating system, and
when we run the following command in the command prompt
\> snort -A console -i2 -c c:\snort\etc\snort.conf -l c:\snort\log -K ascii
 we got the following lines at the end


Encoded Rule Plugin SID: 16662, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 13511, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 18663, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 13969, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 20135, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 16577, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 16375, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 13475, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 15470, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 15125, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 15503, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 13954, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 16237, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 16182, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 16534, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 13287, GID: 3 not registered properly.  Disabling this rule.

Verifying Preprocessor Configurations!
ICMP tracking disabled, no ICMP sessions allocated
IP tracking disabled, no IP sessions allocated
WARNING: flowbits key 'file.cdr' is checked but not ever set.
WARNING: flowbits key 'file.chm' is set but not ever checked.
WARNING: flowbits key 'file.xul' is set but not ever checked.
WARNING: flowbits key 'file.smil' is set but not ever checked.
WARNING: flowbits key 'file.emf' is set but not ever checked.
WARNING: flowbits key 'file.jarpack' is set but not ever checked.
WARNING: flowbits key 'file.universalbinary' is set but not ever checked.
WARNING: flowbits key 'file.gif' is set but not ever checked.
WARNING: flowbits key 'file.pdf' is set but not ever checked.
WARNING: flowbits key 'file.png' is set but not ever checked.
WARNING: flowbits key 'file.doc' is set but not ever checked.
WARNING: flowbits key 'file.zip' is set but not ever checked.
WARNING: flowbits key 'file.rtf' is set but not ever checked.
WARNING: flowbits key 'file.xbm' is set but not ever checked.
WARNING: flowbits key 'file.sln' is set but not ever checked.
WARNING: flowbits key 'file.xm' is set but not ever checked.
WARNING: flowbits key 'file.caff' is set but not ever checked.
WARNING: flowbits key 'file.wmv' is set but not ever checked.
WARNING: flowbits key 'file.swf' is set but not ever checked.
WARNING: flowbits key 'tlsv1.server_hello.request' is checked but not ever set.
WARNING: flowbits key 'file.addin' is set but not ever checked.
WARNING: flowbits key 'file.wps' is set but not ever checked.
WARNING: flowbits key 'file.pub' is set but not ever checked.
WARNING: flowbits key 'file.pct' is set but not ever checked.
WARNING: flowbits key 'file.tiff.little' is set but not ever checked.
WARNING: flowbits key 'tlsv1.client_hello.request' is checked but not ever set.
WARNING: flowbits key 'file.pls' is set but not ever checked.
WARNING: flowbits key 'trojan.nervos' is set but not ever checked.
WARNING: flowbits key 'file.lnk' is set but not ever checked.
WARNING: flowbits key 'backdoor.fearless.runtime' is checked but not ever set.
WARNING: flowbits key 'file.smi' is set but not ever checked.
WARNING: flowbits key 'file.slk' is set but not ever checked.
WARNING: flowbits key 'file.xspf' is set but not ever checked.
WARNING: flowbits key 'file.quicktime.mp4' is set but not ever checked.
WARNING: flowbits key 'file.dbp' is set but not ever checked.
WARNING: flowbits key 'backdoor.asylum.connect' is checked but not ever set.
WARNING: flowbits key 'file.otf' is set but not ever checked.
WARNING: flowbits key 'file.qcp' is set but not ever checked.
WARNING: flowbits key 'ABSystemSpy_Inforetrieve1' is set but not ever checked.
WARNING: flowbits key 'file.ttf' is set but not ever checked.
WARNING: flowbits key 'file.tiff' is set but not ever checked.
WARNING: flowbits key 'file.visprj' is set but not ever checked.
WARNING: flowbits key 'file.aiff' is set but not ever checked.
WARNING: flowbits key 'AOLAdmin1.1.connection' is checked but not ever set.
WARNING: flowbits key 'file.wav' is set but not ever checked.
WARNING: flowbits key 'file.torrent' is set but not ever checked.
WARNING: flowbits key 'oracle.connect' is checked but not ever set.
WARNING: flowbits key 'file.asx' is set but not ever checked.
WARNING: flowbits key 'file.fpx' is set but not ever checked.
WARNING: flowbits key 'file.realplayer.playlist' is set but not ever checked.
WARNING: flowbits key 'file.mp3' is set but not ever checked.
WARNING: flowbits key 'file.ole' is set but not ever checked.
WARNING: flowbits key 'dorkbot.ircinit' is set but not ever checked.
WARNING: flowbits key 'file.mswmm' is set but not ever checked.
WARNING: flowbits key 'file.dxf' is set but not ever checked.
WARNING: flowbits key 'file.ogg' is set but not ever checked.
WARNING: flowbits key 'file.xls' is set but not ever checked.
WARNING: flowbits key 'file.engtesselate' is set but not ever checked.
WARNING: flowbits key 'file.pkp' is set but not ever checked.
WARNING: flowbits key 'file.avi.video' is set but not ever checked.
WARNING: flowbits key 'file.pmd' is set but not ever checked.
WARNING: flowbits key 'file.class' is set but not ever checked.
WARNING: flowbits key 'file.visio' is set but not ever checked.
WARNING: flowbits key 'backdoor.y3krat_15.client.response' is checked but not ever set.
WARNING: flowbits key 'file.4xm' is set but not ever checked.
WARNING: flowbits key 'backdoor.donalddick.1.5.b.3.conn' is checked but not ever set.
WARNING: flowbits key 'file.m3u' is set but not ever checked.
WARNING: flowbits key 'file.bmp' is set but not ever checked.
WARNING: flowbits key 'sslv2.server_hello.request' is checked but not ever set.
WARNING: flowbits key 'file.xlw' is set but not ever checked.
WARNING: flowbits key 'file.psfont' is set but not ever checked.
WARNING: flowbits key 'file.ani' is set but not ever checked.
WARNING: flowbits key 'file.realmedia' is set but not ever checked.
WARNING: flowbits key 'file.quicktime' is set but not ever checked.
WARNING: flowbits key 'file.wmf' is set but not ever checked.
WARNING: flowbits key 'file.jpeg' is set but not ever checked.
WARNING: flowbits key 'file.vap' is set but not ever checked.
WARNING: flowbits key 'file.hpj' is set but not ever checked.
WARNING: flowbits key 'file.eot' is set but not ever checked.
WARNING: flowbits key 'file.works' is set but not ever checked.
WARNING: flowbits key 'file.cue' is set but not ever checked.
WARNING: flowbits key 'file.avi' is set but not ever checked.
WARNING: flowbits key 'kit.blackhole' is set but not ever checked.
WARNING: flowbits key 'file.flv' is set but not ever checked.
WARNING: flowbits key 'file.dmg' is set but not ever checked.
WARNING: flowbits key 'file.tiff.big' is set but not ever checked.
WARNING: flowbits key 'file.eps' is set but not ever checked.
WARNING: flowbits key 'file.xml' is set but not ever checked.
WARNING: flowbits key 'file.asf' is set but not ever checked.
WARNING: flowbits key 'file.dir' is set but not ever checked.
WARNING: flowbits key 'file.xpm' is set but not ever checked.
WARNING: flowbits key 'file.pptx' is set but not ever checked.
98 out of 1024 flowbits in use.

[ Port Based Pattern Matching Memory ]
+- [ Aho-Corasick Summary ] -------------------------------------
| Storage Format    : Full-Q
| Finite Automaton  : DFA
| Alphabet Size     : 256 Chars
| Sizeof State      : Variable (1,2,4 bytes)
| Instances         : 75
|     1 byte states : 66
|     2 byte states : 9
|     4 byte states : 0
| Characters        : 11282
| States            : 8191
| Transitions       : 176281
| State Density     : 8.4%
| Patterns          : 963
| Match States      : 930
| Memory (MB)       : 3.98
|   Patterns        : 0.07
|   Match Lists     : 0.09
|   DFA
|     1 byte states : 0.34
|     2 byte states : 3.39
|     4 byte states : 0.00
+----------------------------------------------------------------
[ Number of patterns truncated to 20 bytes: 124 ]
pcap DAQ configured to passive.
The DAQ version does not support reload.
Acquiring network traffic from "\Device\NPF_{3B066531-94C4-4299-B2D6-3F3A0E2E98B1}".
Decoding Ethernet

        --== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.2.3-ODBC-MySQL-WIN32 GRE (Build 205)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2012 Sourcefire, Inc., et al.
           Using PCRE version: 8.10 2010-06-25
           Using ZLIB version: 1.2.3

           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.15  <Build 18>
           Preprocessor Object: SF_SSLPP  Version 1.1  <Build 4>
           Preprocessor Object: SF_SSH  Version 1.1  <Build 3>
           Preprocessor Object: SF_SMTP  Version 1.1  <Build 9>
           Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
           Preprocessor Object: SF_SDF  Version 1.1  <Build 1>
           Preprocessor Object: SF_REPUTATION  Version 1.1  <Build 1>
           Preprocessor Object: SF_POP  Version 1.0  <Build 1>
           Preprocessor Object: SF_MODBUS  Version 1.1  <Build 1>
           Preprocessor Object: SF_IMAP  Version 1.0  <Build 1>
           Preprocessor Object: SF_GTP  Version 1.1  <Build 1>
           Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13>
           Preprocessor Object: SF_DNS  Version 1.1  <Build 4>
           Preprocessor Object: SF_DNP3  Version 1.1  <Build 1>
           Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 3>
Commencing packet processing (pid=2128)


and after this, pressing Ctrl+C, we get the following output, even though we
have run it for 30 minutes and opened so many HTTP and FTP web sites

*** Caught Int-Signal
===============================================================================
Run time for packet processing was 356.27000 seconds
Snort processed 0 packets.
Snort ran for 0 days 0 hours 5 minutes 56 seconds
   Pkts/min:            0
   Pkts/sec:            0
===============================================================================
Packet I/O Totals:
   Received:            0
   Analyzed:            0 (  0.000%)
    Dropped:            0 (  0.000%)
   Filtered:            0 (  0.000%)
Outstanding:            0 (  0.000%)
   Injected:            0
===============================================================================
Breakdown by protocol (includes rebuilt packets):
        Eth:            0 (  0.000%)
       VLAN:            0 (  0.000%)
        IP4:            0 (  0.000%)
       Frag:            0 (  0.000%)
       ICMP:            0 (  0.000%)
        UDP:            0 (  0.000%)
        TCP:            0 (  0.000%)
        IP6:            0 (  0.000%)
    IP6 Ext:            0 (  0.000%)
   IP6 Opts:            0 (  0.000%)
      Frag6:            0 (  0.000%)
      ICMP6:            0 (  0.000%)
       UDP6:            0 (  0.000%)
       TCP6:            0 (  0.000%)
     Teredo:            0 (  0.000%)
    ICMP-IP:            0 (  0.000%)
      EAPOL:            0 (  0.000%)
    IP4/IP4:            0 (  0.000%)
    IP4/IP6:            0 (  0.000%)
    IP6/IP4:            0 (  0.000%)
    IP6/IP6:            0 (  0.000%)
        GRE:            0 (  0.000%)
    GRE Eth:            0 (  0.000%)
   GRE VLAN:            0 (  0.000%)
    GRE IP4:            0 (  0.000%)
    GRE IP6:            0 (  0.000%)
GRE IP6 Ext:            0 (  0.000%)
   GRE PPTP:            0 (  0.000%)
    GRE ARP:            0 (  0.000%)
    GRE IPX:            0 (  0.000%)
   GRE Loop:            0 (  0.000%)
       MPLS:            0 (  0.000%)
        ARP:            0 (  0.000%)
        IPX:            0 (  0.000%)
   Eth Loop:            0 (  0.000%)
   Eth Disc:            0 (  0.000%)
   IP4 Disc:            0 (  0.000%)
   IP6 Disc:            0 (  0.000%)
   TCP Disc:            0 (  0.000%)
   UDP Disc:            0 (  0.000%)
  ICMP Disc:            0 (  0.000%)
All Discard:            0 (  0.000%)
      Other:            0 (  0.000%)
Bad Chk Sum:            0 (  0.000%)
    Bad TTL:            0 (  0.000%)
     S5 G 1:            0 (  0.000%)
     S5 G 2:            0 (  0.000%)
      Total:            0
===============================================================================
Action Stats:
     Alerts:            0 (  0.000%)
     Logged:            0 (  0.000%)
     Passed:            0 (  0.000%)
Limits:
      Match:            0
      Queue:            0
        Log:            0
      Event:            0
      Alert:            0
Verdicts:
      Allow:            0 (  0.000%)
      Block:            0 (  0.000%)
    Replace:            0 (  0.000%)
  Whitelist:            0 (  0.000%)
  Blacklist:            0 (  0.000%)
     Ignore:            0 (  0.000%)
===============================================================================
Frag3 statistics:
        Total Fragments: 0
      Frags Reassembled: 0
               Discards: 0
          Memory Faults: 0
               Timeouts: 0
               Overlaps: 0
              Anomalies: 0
                 Alerts: 0
                  Drops: 0
     FragTrackers Added: 0
    FragTrackers Dumped: 0
FragTrackers Auto Freed: 0
    Frag Nodes Inserted: 0
     Frag Nodes Deleted: 0
===============================================================================
Stream5 statistics:
            Total sessions: 0
              TCP sessions: 0
              UDP sessions: 0
             ICMP sessions: 0
               IP sessions: 0
                TCP Prunes: 0
                UDP Prunes: 0
               ICMP Prunes: 0
                 IP Prunes: 0
TCP StreamTrackers Created: 0
TCP StreamTrackers Deleted: 0
              TCP Timeouts: 0
              TCP Overlaps: 0
       TCP Segments Queued: 0
     TCP Segments Released: 0
       TCP Rebuilt Packets: 0
         TCP Segments Used: 0
              TCP Discards: 0
                  TCP Gaps: 0
      UDP Sessions Created: 0
      UDP Sessions Deleted: 0
              UDP Timeouts: 0
              UDP Discards: 0
                    Events: 0
           Internal Events: 0
           TCP Port Filter
                   Dropped: 0
                 Inspected: 0
                   Tracked: 0
           UDP Port Filter
                   Dropped: 0
                 Inspected: 0
                   Tracked: 0
===============================================================================
===============================================================================
SMTP Preprocessor Statistics
  Total sessions                                    : 0
  Max concurrent sessions                           : 0
===============================================================================
dcerpc2 Preprocessor Statistics
  Total sessions: 0
===============================================================================
===============================================================================
SIP Preprocessor Statistics
  Total sessions: 0
===============================================================================
Snort exiting

Please let me know how to set this up for output, the modifications to be made in
the snort.conf file for actual output to come, and I'll be glad if you tell
the rules to be added for alerting and blocking for Windows 7. The
version of Snort is 2.9.2.3.
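As an added example, not part of the original post, here is a small checker that parses the kind of Snort console output quoted above and turns its three symptoms into findings: the encoded (GID 3) rules Snort disabled, flowbits keys that are checked but never set, and a run that ended with zero packets received. The sample output is a constructed excerpt of the lines quoted above; the class and function names are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt of the Snort 2.9.2.3 console output quoted in the post
# (one line per message kind; the real run printed many more of each).
SAMPLE_OUTPUT = """\
Encoded Rule Plugin SID: 16662, GID: 3 not registered properly.  Disabling this rule.
WARNING: flowbits key 'file.cdr' is checked but not ever set.
WARNING: flowbits key 'file.chm' is set but not ever checked.
Acquiring network traffic from "\\Device\\NPF_{3B066531-94C4-4299-B2D6-3F3A0E2E98B1}".
Run time for packet processing was 356.27000 seconds
Snort processed 0 packets.
"""
RULE_RE = re.compile(r"Encoded Rule Plugin SID: (\d+), GID: (\d+) not registered properly")
FLOWBIT_RE = re.compile(r"flowbits key '([^']+)' is checked but not ever set")
IFACE_RE = re.compile(r'Acquiring network traffic from "([^"]+)"')
PROCESSED_RE = re.compile(r"Snort processed (\d+) packets")
RUNTIME_RE = re.compile(r"Run time for packet processing was ([\d.]+) seconds")

@dataclass
class SnortRunReport:
    disabled_rules: list = field(default_factory=list)  # (gid, sid) of rules Snort turned off
    unset_flowbits: list = field(default_factory=list)  # keys checked by rules but never set
    interface: str = ""
    packets: int = -1  # -1 means no exit summary was found in the output
    runtime_s: float = 0.0
    findings: list = field(default_factory=list)

def analyze_snort_output(text: str) -> SnortRunReport:
    # Pull the health-relevant facts out of Snort's startup and exit messages.
    rep = SnortRunReport()
    for line in text.splitlines():
        if m := RULE_RE.search(line):
            rep.disabled_rules.append((int(m.group(2)), int(m.group(1))))
        elif m := FLOWBIT_RE.search(line):
            rep.unset_flowbits.append(m.group(1))
        elif m := IFACE_RE.search(line):
            rep.interface = m.group(1)
        elif m := PROCESSED_RE.search(line):
            rep.packets = int(m.group(1))
        elif m := RUNTIME_RE.search(line):
            rep.runtime_s = float(m.group(1))
    # A sensor that receives nothing can alert on nothing: check capture before tuning rules.
    if rep.packets == 0 and rep.runtime_s > 60:
        rep.findings.append(f"0 packets in {rep.runtime_s:.0f}s on {rep.interface}: verify the -i interface index")
    if rep.disabled_rules:
        rep.findings.append(f"{len(rep.disabled_rules)} GID 3 shared-object rules disabled: their rule libraries are not loaded")
    if rep.unset_flowbits:
        rep.findings.append("flowbits checked but never set (rules gated on them cannot fire): " + ", ".join(rep.unset_flowbits))
    return rep
```

Feed it the full console output of a run (for example, redirected to a file) rather than the excerpt to get counts for the whole rule set.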