[Snort-users] (no subject)

Charles Pigeon doom.rainer at ...11827...
Sat Jun 23 11:49:40 EDT 2012


If you are using Windows 7 you need to run the command prompt as an
administrator. By default, capturing the packets requires elevated
permissions. Also, it looks like your real network interface is on i4 from
your previous emails.

A good quick test would be running Wireshark as an administrator and
selecting the physical network card. Make sure it sees packets?

Thanks, Charles
On Jun 23, 2012 1:56 AM, "Deepika p" <dgpks1 at ...11827...> wrote:

> Hi,
>
> c:\winids\snort\bin\snort -v -i2
>
> Running in packet dump mode
>
>         --== Initializing Snort ==--
> Initializing Output Plugins!
> pcap DAQ configured to passive.
> The DAQ version does not support reload.
> Acquiring network traffic from "\Device\NPF_{D33FABD2-08A8-4FEE-86DB-5935FE26E333}".
> Decoding Ethernet
>
>         --== Initialization Complete ==--
>
>    ,,_     -*> Snort! <*-
>   o"  )~   Version 2.9.2.3-ODBC-MySQL-WIN32 IPv6 GRE (Build 205)
>    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
>            Copyright (C) 1998-2012 Sourcefire, Inc., et al.
>            Using PCRE version: 8.10 2010-06-25
>            Using ZLIB version: 1.2.3
>
> Commencing packet processing (pid=4104)
> *** Caught Int-Signal
>
> ===============================================================================
> Run time for packet processing was 7853.195000 seconds
> Snort processed 0 packets.
> Snort ran for 0 days 2 hours 10 minutes 53 seconds
>     Pkts/hr:            0
>    Pkts/min:            0
>    Pkts/sec:            0
>
> ===============================================================================
> Packet I/O Totals:
>    Received:            0
>    Analyzed:            0 (  0.000%)
>     Dropped:            0 (  0.000%)
>    Filtered:            0 (  0.000%)
> Outstanding:            0 (  0.000%)
>    Injected:            0
>
> ===============================================================================
> Breakdown by protocol (includes rebuilt packets):
>         Eth:            0 (  0.000%)
>        VLAN:            0 (  0.000%)
>         IP4:            0 (  0.000%)
>        Frag:            0 (  0.000%)
>        ICMP:            0 (  0.000%)
>         UDP:            0 (  0.000%)
>         TCP:            0 (  0.000%)
>         IP6:            0 (  0.000%)
>     IP6 Ext:            0 (  0.000%)
>    IP6 Opts:            0 (  0.000%)
>       Frag6:            0 (  0.000%)
>       ICMP6:            0 (  0.000%)
>        UDP6:            0 (  0.000%)
>        TCP6:            0 (  0.000%)
>      Teredo:            0 (  0.000%)
>     ICMP-IP:            0 (  0.000%)
>       EAPOL:            0 (  0.000%)
>     IP4/IP4:            0 (  0.000%)
>     IP4/IP6:            0 (  0.000%)
>     IP6/IP4:            0 (  0.000%)
>     IP6/IP6:            0 (  0.000%)
>         GRE:            0 (  0.000%)
>     GRE Eth:            0 (  0.000%)
>    GRE VLAN:            0 (  0.000%)
>     GRE IP4:            0 (  0.000%)
>     GRE IP6:            0 (  0.000%)
> GRE IP6 Ext:            0 (  0.000%)
>    GRE PPTP:            0 (  0.000%)
>     GRE ARP:            0 (  0.000%)
>     GRE IPX:            0 (  0.000%)
>    GRE Loop:            0 (  0.000%)
>        MPLS:            0 (  0.000%)
>         ARP:            0 (  0.000%)
>         IPX:            0 (  0.000%)
>    Eth Loop:            0 (  0.000%)
>    Eth Disc:            0 (  0.000%)
>    IP4 Disc:            0 (  0.000%)
>    IP6 Disc:            0 (  0.000%)
>    TCP Disc:            0 (  0.000%)
>    UDP Disc:            0 (  0.000%)
>   ICMP Disc:            0 (  0.000%)
> All Discard:            0 (  0.000%)
>       Other:            0 (  0.000%)
> Bad Chk Sum:            0 (  0.000%)
>     Bad TTL:            0 (  0.000%)
>      S5 G 1:            0 (  0.000%)
>      S5 G 2:            0 (  0.000%)
>       Total:            0
>
> ===============================================================================
> Snort exiting
>
>
> This is the output with every interface I used, i.e. 1, 2, 3 and 4. For
> every interface I have run Snort for 1 hour. At the same time I accessed
> the Internet, many websites. What is the actual problem that is making
> Snort not show the traffic?
>
>
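The checks suggested in this reply, as an added example that is not part of the original thread: a PowerShell script that confirms the prompt is elevated and maps each index printed by `snort -W` to a connected physical adapter through the GUID in its `\Device\NPF_{...}` name. The install path is taken from the quoted command; the assumption that `snort -W` prints the index and device name on one line is mine.

```powershell
# Added example, not from the original thread.
# Assumption: install path as shown in the quoted command line.
$snort = 'C:\winids\snort\bin\snort.exe'

# 1. Capturing through WinPcap needs an elevated prompt.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Error 'Not elevated: reopen the prompt with "Run as administrator".'
    exit 1
}

# 2. Physical adapters that currently have a link
#    (NetConnectionStatus 2 means "connected").
$connected = @{}
Get-WmiObject Win32_NetworkAdapter |
    Where-Object { $_.PhysicalAdapter -and $_.GUID -and $_.NetConnectionStatus -eq 2 } |
    ForEach-Object { $connected[$_.GUID.ToUpper()] = $_.Name }

# 3. Map every index listed by "snort -W" to an adapter by its NPF GUID.
#    Assumption: index and \Device\NPF_{GUID} appear on the same output line.
$candidates = @()
foreach ($line in (& $snort -W 2>&1)) {
    if ("$line" -match '^\s*(\d+)\s.*\\Device\\NPF_(\{[0-9A-Fa-f-]+\})') {
        $index = $Matches[1]
        $guid  = $Matches[2].ToUpper()
        if ($connected.ContainsKey($guid)) {
            Write-Output "Index $index -> $($connected[$guid]) (physical, connected)"
            $candidates += $index
        } else {
            Write-Output "Index $index -> $guid (virtual or disconnected)"
        }
    }
}

# 4. Report which index to pass to -i for the packet dump test.
if ($candidates.Count -eq 0) {
    Write-Warning 'No Snort interface matches a connected physical adapter.'
} else {
    foreach ($i in $candidates) { Write-Output "Test with: `"$snort`" -v -i$i" }
}
```

An index that maps to a virtual or disconnected adapter will start cleanly and still report 0 packets, which matches the statistics in the quoted output.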