[Snort-users] Continuous packet streaming on boot of CentOS 6.3 64 bit

Russ Combs rcombs at ...1935...
Tue Jun 11 04:03:07 EDT 2013


On Tue, Jun 11, 2013 at 3:41 AM, Mayur Patil <ram.nath241089 at ...11827...>wrote:

> Hello,
>
>  I am seeing something like this
>
>  *06/11 11:0246  10.1.46.123:136 -> 10.1.46.255:137*
> * UDP:TTL :128 TOS:8 ID:20 IpLen:20 DgmLen:78 Len:50
>
> * in continuous streaming of packets.
> *
> *
> * *Now I am sure that this is the Snort startup script problem.....!!
>
>  At the starting I have seen message  *starting snort in packet dump mode*
>
>  Please help how to disable this mode or disable snort script from loading
> at boot time??
>

Running in packet dump mode is because you don't have a "-c
path/snort.conf" option on your command line.

>
> On Tue, Jun 11, 2013 at 11:00 AM, Mayur Patil <ram.nath241089 at ...11827...>wrote:
>
>> Hello,
>>
>>    I have stuck on one issue. I am unable to see either GUI or CLI for
>> CentOS 6.3.
>>
>>    Description as follows:
>>
>>    I was just checking my snort script on centos machine yesterday. So I
>> left machine as it is.
>>
>>    When I come today, screen location has changed on desktop so I
>> adjusted and reboot.
>>
>>    When I reboot it takes much time to boot, so I press any key on
>> keyboard it shows
>>
>>    fast continuous streaming, no idea of what, seems like to be many
>> packets
>>
>>    Somewhat
>>
>>    UDP---TLS-----255.255.255.0 ------------------->
>>
>>     like this. When I try to load the Ctrl+Alt+f2 nothing happens.
>>
>>     I am also unable to login through Putty but I am able to ping the
>> machine.
>>
>>     How to stop this packet steaming??
>>
>>     Need help please!!
>>
>>     Thanks !!
>>
> --
> *Cheers,
> Mayur*.
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
>
> Build for Windows Store.
>
> http://p.sf.net/sfu/windows-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130611/3228c340/attachment.html>


More information about the Snort-users mailing list