[Snort-users] Testing snort

Sandip Bankewar sbankewar at ...15479...
Fri May 25 02:35:50 EDT 2012


Hi Romskie,

That's great, Thanks.

AT the time of installing tcpreplay I am getting following error.

checking for libpcap... configure: error: Unable to find matching library for header file in /usr
Does anyone face this issue ever.

Regards,
Sandip

-----Original Message-----
From: Romskie L [mailto:rslaranjo at ...11827...] 
Sent: 25 May 2012 11:28
To: snort-users at lists.sourceforge.net
Cc: Sandip Bankewar
Subject: Re: [Snort-users] Testing snort

Hi Sandip,

The error says you need to install flex. If you are using ubuntu, you can apt-get install flex to install it.


Regards,

Rommel L.

On Fri, May 25, 2012 at 1:29 PM, Sandip Bankewar <sbankewar at ...15479...> wrote:
> Hi Nick,
>
>
>
> Yes I have installed tcpreplay successfully on Linux. Thanks for your help.
>
>
>
>
>
> While installing libpcap I am getting following error:
>
>
>
> configure: error: Your operating system's lex is insufficient to 
> compile
>
> libpcap.  flex is a lex replacement that has many advantages, 
> including
>
> being able to compile libpcap.  For more information, see
>
> http://www.gnu.org/software/flex/flex.html.
>
>
>
> Could you please help me out.
>
>
>
> Regards,
>
> Sandip Bankewar
>
>
>
> From: Nick Moore [mailto:nmoore at ...1935...]
> Sent: 24 May 2012 17:50
>
>
> To: Sandip Bankewar
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Testing snort
>
>
>
> Sandip,
>
>
>
> I have only used it in Linux and Mac OSX. I have to confess that I 
> haven't used Windows as my primary workstation for over six years and 
> am not familiar with current tools for it. The website mentions 
> Cygwin, which if I remember correctly creates a Linux-like environment 
> for Windows. So you're pretty much back to square one.
>
>
>
> If there are other users on the list who are more knowledgable 
> regarding Windows and available tcpreplay-like utilities, please chime in.
>
>
>
> Regarding installation instructions, installing from source is pretty 
> much the same as any package:
>
> tar -zxvf tcpreplay-3.x.x.tar.gz
> cd tcpreplay-3.x.x
> ./configure && make && make install
>
> If you run Debian or Ubuntu, you can use apt-get. Most RPM based 
> distro's should have tcpreplay. (blatantly plagiarizing from the website).
>
>
>
> To quote Marty Roesch "Learn to use Linux. Like eating your broccoli, 
> it's good for you." A really good start would be to download a Snort 
> set up doc for Ubuntu or CentOS and follow it through. David Gullet 
> has done a much better job than I on keeping up with current releases with his Ubuntu doc.
>
>
>
> Happy Snorting!
>
>
>
> Nick
>
>
>
> On Thu, May 24, 2012 at 6:30 AM, Sandip Bankewar 
> <sbankewar at ...15479...>
> wrote:
>
> Hi Nick,
>
>
>
> I am new to this. Could you please provide me steps for installation 
> or Is there any windows tool?
>
>
>
>
>
> From: Nick Moore [mailto:nmoore at ...1935...]
> Sent: 24 May 2012 16:44
> To: Sandip Bankewar
> Subject: Re: [Snort-users] Testing snort
>
>
>
> Sandip,
>
>
>
> Please try tcpreplay.
>
>
>
> http://tcpreplay.synfin.net/
>
>
>
> Happy Snorting!
>
>
>
> Nick
>
> On Thu, May 24, 2012 at 5:04 AM, Sandip Bankewar 
> <sbankewar at ...15479...>
> wrote:
>
> Hi All,
>
>
>
> I want to test snort using large packets.
>
> I started wireshark and started to capture traffic. I am planning to 
> save .pcap file and load it into a system running snort.
>
> My question is how can I load .pcap or wireshark file to that system?
>
> Is there any tool?
>
>
>
> Is there any other method to test it?
>
>
>
>
>
> Regards,
>
> Sandip Bankewar
>
>
>
>
> ----------------------------------------------------------------------
> --------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. 
> Discussions will include endpoint security, mobile security and the 
> latest in malware threats. 
> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest 
> Snort news!
>
>
>
>
>
> --
> Nick Moore, SFCE, CISSP, CISA
> Sr. Systems Engineer
> Voice 708-336-9041
> Email nick.moore at ...1935...
> IM    nickgmoore (Yahoo)
>        nickgmoore38 (AIM)
>
>     ,,_
>    o"  )~   Sourcefire - The Creators of Snort
>     ''''
>
> www.sourcefire.com         www.snort.org     www.immunet.com
>
>
>
>
>
> --
> Nick Moore, SFCE, CISSP, CISA
> Sr. Systems Engineer
> Voice 708-336-9041
> Email nick.moore at ...1935...
> IM    nickgmoore (Yahoo)
>        nickgmoore38 (AIM)
>
>     ,,_
>    o"  )~   Sourcefire - The Creators of Snort
>     ''''
>
> www.sourcefire.com         www.snort.org     www.immunet.com
>
>
> ----------------------------------------------------------------------
> --------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. 
> Discussions will include endpoint security, mobile security and the 
> latest in malware threats. 
> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest 
> Snort news!






More information about the Snort-users mailing list