[Snort-users] [Snort-devel] Snort Configuration Problems

Michael Steele michaels at ...9077...
Wed Jan 2 13:49:51 EST 2013


Sorry,

 

It appears you might not have WinPcap installed. Go to WinSnort.com and
follow one of the guided installs to get Snort installed and functioning up
to using the -W switch.

 

Best regards,

Michael...

 

WINSNORT.com Management Team Member

--

****************** Established ~ 2001 *******************

*          Visit Us @  <http://www.winsnort.com/> http://www.winsnort.com
*

*      ~~ FREE WinIDS Snort installation guides ~~      *

*               ~~ FREE support forums ~~               *

* Snort: Open Source Network IDS -  <http://www.snort.org/>
http://www.snort.org *

*********************************************************

 

From: Michael Steele [mailto:michaels at ...9077...] 
Sent: Wednesday, January 02, 2013 10:00 AM
To: 'Natalie Woh'
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] [Snort-devel] Snort Configuration Problems

 

It appears not to find interface 2. From an open CMD window type
'c:\snort\bin\snort -W'  (less the outside quotes), and tap the enter key.

 

Make sure you are selecting the correct interface.

 

Example: c:\snort\bin\snort -c c:\snort\etc\snort.conf -l c:\snort\log -i1

 

Best regards,

Michael...

 

WINSNORT.com Management Team Member


 

From: Natalie Woh [mailto:lunchisserved at ...125...] 
Sent: Wednesday, January 02, 2013 3:14 AM
To: michaels at ...9077... <mailto:michaels at ...9077...> 
Subject: RE: [Snort-devel] Snort Configuration Problems

 

Hi Michael

 

Thank you for the reply.

 

The \ was not added to the tail of the configuration line.

 

I have tried re-installing Snort and even installing Snort on another
computer; however, I am still unable to get it configured successfully.

 

Error Message from snort in the new computer:

 

C:\Snort\bin>snort -W

 

   ,,_     -*> Snort! <*-

  o"  )~   Version 2.9.4-WIN32 GRE (Build 40)

   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team

           Copyright (C) 1998-2012 Sourcefire, Inc., et al.

           Using PCRE version: 8.10 2010-06-25

           Using ZLIB version: 1.2.3

 

Index   Physical Address        IP Address      Device Name     Description

-----   ----------------        ----------      -----------     -----------

 

C:\Snort\bin>snort -c c:\snort\etc\snort.conf -l c:\snort\log -i 2

ERROR: Invalid device number: 2.

Fatal Error, Quitting..

Could not create the registry key.

 

I hope to hear from you at your earliest convenience.

 

Thank you for your time.

 

Best Regards

Natalie

  _____  

From: michaels at ...9077... <mailto:michaels at ...9077...> 
To: lunchisserved at ...125... <mailto:lunchisserved at ...125...> ;
snort-users at lists.sourceforge.net <mailto:snort-users at lists.sourceforge.net>

Subject: RE: [Snort-devel] Snort Configuration Problems
Date: Sun, 30 Dec 2012 09:01:05 -0500

I've seen this happen when the \ has been added to the tail of the
configuration line. It must be removed in Windows.

 

When Snort is installed the folder 'snort\lib\snort_dynamicrules' is
created, and there should be several files inside that folder.

 

Directory of c:\snort\lib\snort_dynamicpreprocessor

 

11/16/2012  02:40 PM           196,608 sf_dce2.dll

11/16/2012  02:41 PM            32,768 sf_dnp3.dll

11/16/2012  02:39 PM            24,576 sf_dns.dll

11/16/2012  02:39 PM            65,536 sf_ftptelnet.dll

11/16/2012  02:41 PM            36,864 sf_gtp.dll

11/16/2012  02:40 PM           192,512 sf_imap.dll

11/16/2012  02:41 PM            24,576 sf_modbus.dll

11/16/2012  02:41 PM           192,512 sf_pop.dll

11/16/2012  02:41 PM            32,768 sf_reputation.dll

11/16/2012  02:40 PM            32,768 sf_sdf.dll

11/16/2012  02:40 PM            45,056 sf_sip.dll

11/16/2012  02:39 PM           208,896 sf_smtp.dll

11/16/2012  02:39 PM            24,576 sf_ssh.dll

11/16/2012  02:39 PM            28,672 sf_ssl.dll

              14 File(s)      1,138,688 bytes

 

If listing the Snort files and folders is a problem, try uninstalling Snort,
and reinstalling. If file and folder problems persist there might be a
hardware issue.

 

Best regards,

Michael...

 

WINSNORT.com Management Team Member


 

From: Natalie Woh [mailto:lunchisserved at ...125...] 
Sent: Sunday, December 30, 2012 1:24 AM
To: michaels at ...9077... <mailto:michaels at ...9077...> ;
snort-devel at lists.sourceforge.net <mailto:snort-devel at lists.sourceforge.net>

Subject: RE: [Snort-devel] Snort Configuration Problems

 

Hi Michael 

 

Thank you for your reply.

I think I am missing some file. When I ran Snort in IDS mode, I got this
message:

ERROR: c:\snort\etc\snort.conf(253) Could not stat dynamic module path "c:\snort\lib\snort_dynamicrules": No such file or directory.

 

I hope to hear from you at your earliest convenience.

 

Thank you for your time.

 

Best Regards

Natalie

 

  _____  

From: michaels at ...9077... <mailto:michaels at ...9077...> 
To: lunchisserved at ...125... <mailto:lunchisserved at ...125...> ;
snort-devel at lists.sourceforge.net <mailto:snort-devel at lists.sourceforge.net>

Subject: RE: [Snort-devel] Snort Configuration Problems
Date: Sat, 29 Dec 2012 16:44:01 -0500

Natalie,

 

Original Line(s): dynamicpreprocessor directory
/usr/local/lib/snort_dynamicpreprocessor/
Change to: dynamicpreprocessor directory
c:\snort\lib\snort_dynamicpreprocessor

 

Best regards,

Michael...

 

WINSNORT.com Management Team Member


 

From: Natalie Woh [mailto:lunchisserved at ...125...] 
Sent: Wednesday, December 26, 2012 1:27 AM
To: snort-devel at lists.sourceforge.net
<mailto:snort-devel at lists.sourceforge.net> 
Subject: [Snort-devel] Snort Configuration Problems

 

Dear Sir/Mdm

 

I am experiencing problems configuring Snort.

 

I typed "dir" and got this message:

C:\Snort\bin>dir

 Volume in drive C has no label.

 Volume Serial Number is 4EC9-0980

 

 Directory of C:\Snort\bin

 

05/12/2012  02:47 PM    <DIR>          .

05/12/2012  02:47 PM    <DIR>          ..

24/06/2010  09:58 PM            54,784 npptools.dll

02/11/2010  02:16 AM           274,489 ntwdblib.dll

02/11/2010  02:16 AM           262,226 Packet.dll

03/12/2003  11:22 PM            94,208 pcre.dll

01/08/2012  01:34 AM         1,167,360 snort.exe

02/11/2010  02:16 AM            53,326 WanPacket.dll

25/06/2010  01:41 AM           258,126 wpcap.dll

28/01/2010  05:50 AM            73,728 zlib1.dll

               8 File(s)      2,238,247 bytes

               2 Dir(s)  229,230,264,320 bytes free

 

While running Snort in IDS mode, I got this message:

Initializing Output Plugins!

Initializing Preprocessors!

Initializing Plug-ins!

Parsing Rules file "C:\Snort\etc\snort.conf"

PortVar 'HTTP_PORTS' defined :  [ 80:81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8118 8123 8180:8181 8243 8280 8800 8888 8899 9080 9090:9091 9443 9999 11371 55555 ]

PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]

PortVar 'ORACLE_PORTS' defined :  [ 1024:65535 ]

PortVar 'SSH_PORTS' defined :  [ 22 ]

PortVar 'FTP_PORTS' defined :  [ 21 2100 3535 ]

PortVar 'SIP_PORTS' defined :  [ 5060:5061 5600 ]

PortVar 'FILE_DATA_PORTS' defined :  [ 80:81 110 143 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8118 8123 8180:8181 8243 8280 8800 8888 8899 9080 9090:9091 9443 9999 11371 55555 ]

PortVar 'GTP_PORTS' defined :  [ 2123 2152 3386 ]

Detection:

   Search-Method = AC-Full-Q

    Split Any/Any group = enabled

    Search-Method-Optimizations = enabled

    Maximum pattern length = 20

ERROR: C:\Snort\etc\snort.conf(247) Could not stat dynamic module path "c:snort\lib\snort_dynamicpreprocessor": No such file or directory.

 

Fatal Error, Quitting..

Could not create the registry key.

 

I hope to hear from you at your earliest convenience.

 

Thank you for your time.

 

Best Regards

Natalie
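
Added example (not part of the original thread and not code from Snort or WinSnort): a small linter for the dynamic-module lines of a Windows snort.conf, covering the three path forms that appear in this thread: the Unix default path, a trailing backslash, and a drive-relative path written like the "c:snort\..." quoted in the first error message. The sample configuration and the function names are constructed for illustration; the checks are syntactic only and do not test whether the directory exists.

```python
import ntpath
import re

# snort.conf directives that point Snort at dynamic modules.
DIRECTIVE = re.compile(
    r"^\s*(dynamicpreprocessor|dynamicengine|dynamicdetection)\s+"
    r"(?:(?:directory|file)\s+)?(\S.*?)\s*$"
)

def check_path(path):
    """Return the problems found in one dynamic-module path (Windows rules)."""
    problems = []
    path = path.strip('"')
    drive, rest = ntpath.splitdrive(path)
    if path.startswith("/"):
        # Left over from the default config, e.g. /usr/local/lib/...
        problems.append("unix-style path")
    elif drive and not rest.startswith(("\\", "/")):
        # "c:snort\lib" resolves against the current directory on drive C.
        problems.append("drive-relative path")
    if path.endswith("\\"):
        # The thread's advice: no backslash at the tail of the line.
        problems.append("trailing backslash")
    return problems

def lint_snort_conf(text):
    """Return (line number, directive, problem) for each suspicious line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = DIRECTIVE.match(line.split("#", 1)[0])  # ignore comments
        if match:
            for problem in check_path(match.group(2)):
                findings.append((lineno, match.group(1), problem))
    return findings

# Constructed sample, not the poster's actual snort.conf.
SAMPLE_CONF = "\n".join([
    r"# dynamic module section",
    r"dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/",
    r"dynamicpreprocessor directory c:snort\lib\snort_dynamicpreprocessor",
    r"dynamicdetection directory c:\snort\lib\snort_dynamicrules" + "\\",
    r"dynamicpreprocessor directory c:\snort\lib\snort_dynamicpreprocessor",
])

if __name__ == "__main__":
    for lineno, directive, problem in lint_snort_conf(SAMPLE_CONF):
        print(f"line {lineno}: {directive}: {problem}")
```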
