[Snort-users] Continuous packet streaming on boot of CentOS 6.3 64 bit

Mayur Patil ram.nath241089 at ...11827...
Tue Jun 11 04:57:07 EDT 2013


Problem is that when I connect cable I am able to ping to machine but still
unable to ssh.

When I try to do ssh from other machine, it says connection refused.

Now I connect the cable and reboot system. When the system starts, it
automatically starts checking packets i.e. packet dump mode.

I think Snort script is preventing CentOS from booting to GUI as well as CLI.

I am pretty sure that this is Snort script problem.

Now what to do ??

Please correct if I am wrong !!

Seeking for your guidance,

Thanks !!

-- 
*Cheers,
Mayur*.

On Tue, Jun 11, 2013 at 2:09 PM, Russ Combs <rcombs at ...1935...> wrote:

>
>
> On Tue, Jun 11, 2013 at 4:26 AM, Mayur Patil <ram.nath241089 at ...11827...> wrote:
>
>> The snort message is as follows:
>>
>> Initializing output plugins !!
>>
>> pcap DAQ is configured to passive.
>>
>> Acquiring network traffic from "eth0"
>>
>> Decoding ethernet
>>
>>     --==Initialization Complete==--
>>
>> Snort
>> .
>> .
>> .
>> . //messages of version number
>> .
>> .
>> .
>>
>> Commencing packet processing (pid=1668)
>>
>> and stopped there !!
>>
>> I have unplugged n/w cable and got above output.
>>
>> Does "shell in" mean getting grub console? Then yes !!
>>
>
> I meant ssh but if unplugging the cable works, that's great.
>
>>
>> I can get grub console.
>>
>> Looking forward to guidance,
>>
>
> I'm guessing that you are still in packet dump mode and that you really
> want IDS mode.  Do you know what the command line arguments to Snort are?
>  If it is running now you can do something like "ps alx | grep snort" to
> see.  You need to add -c snort.conf to run in IDS mode.
>
>> On Tue, Jun 11, 2013 at 1:45 PM, Russ Combs <rcombs at ...1935...> wrote:
>>
>>>
>>>
>>> On Tue, Jun 11, 2013 at 4:12 AM, Mayur Patil <ram.nath241089 at ...11827...> wrote:
>>>
>>>> Thanks Russ sir for reply.
>>>>
>>>> My problem is I am unable to log into command line mode  i.e.
>>>> Ctrl+Alt+F2
>>>>
>>>> and also GUI mode of CentOS. And after that I have to add this path.
>>>>
>>>> Would you please guide me how to do that it will be a great help !!
>>>>
>>> Can you shell in?  If that doesn't work, try unplugging your network
>>> cable(s).
>>>
>>>
>>>> Thank you !!
>>>> --
>>>> *Cheers,
>>>> Mayur*.
>>>>
>>>> On Tue, Jun 11, 2013 at 1:33 PM, Russ Combs <rcombs at ...1935...> wrote:
>>>>
>>>>> On Tue, Jun 11, 2013 at 3:41 AM, Mayur Patil <ram.nath241089 at ...11827...
>>>>> > wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>>  I am seeing something like this
>>>>>>
>>>>>>  06/11 11:0246  10.1.46.123:136 -> 10.1.46.255:137
>>>>>>  UDP:TTL :128 TOS:8 ID:20 IpLen:20 DgmLen:78 Len:50
>>>>>>
>>>>>> in continuous streaming of packets.
>>>>>>
>>>>>> Now I am sure that this is the Snort startup script
>>>>>> problem.....!!
>>>>>>
>>>>>>  At the starting I have seen message  *starting snort in packet dump
>>>>>> mode*
>>>>>>
>>>>>>  Please help how to disable this mode or disable snort script from
>>>>>> loading at boot time??
>>>>>>
>>>>>
>>>>> *Running in packet dump mode is because you don't have a "-c
>>>>> path/snort.conf" option on your command line. *
>>>>>
>>>>>>
>>>>>> On Tue, Jun 11, 2013 at 11:00 AM, Mayur Patil <
>>>>>> ram.nath241089 at ...11827...> wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>>    I am stuck on one issue. I am unable to see either GUI or CLI
>>>>>>> for CentOS 6.3.
>>>>>>>
>>>>>>>    Description as follows:
>>>>>>>
>>>>>>>    I was just checking my snort script on centos machine yesterday.
>>>>>>> So I left machine as it is.
>>>>>>>
>>>>>>>    When I come today, screen location has changed on desktop so I
>>>>>>> adjusted and reboot.
>>>>>>>
>>>>>>>    When I reboot it takes much time to boot, so I press any key on
>>>>>>> keyboard it shows
>>>>>>>
>>>>>>>    fast continuous streaming, no idea of what, seems like to be many
>>>>>>> packets
>>>>>>>
>>>>>>>    Somewhat
>>>>>>>
>>>>>>>    UDP---TLS-----255.255.255.0 ------------------->
>>>>>>>
>>>>>>>     like this. When I try to load the Ctrl+Alt+f2 nothing happens.
>>>>>>>
>>>>>>>     I am also unable to login through Putty but I am able to ping
>>>>>>> the machine.
>>>>>>>
>>>>>>>     How to stop this packet streaming??
>>>>>>>
>>>>>>>     Need help please!!
>>>>>>>
>>>>>>
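
Added example, not part of the original thread: the check Russ describes (list the running Snort with "ps alx | grep snort" and look for -c) written as a shell function that reads a Snort command line the way getopt would, including clustered flags. The sample command lines are constructed, and the function names and the list of argument-taking options (a subset of Snort 2.x's) are assumptions of this example.

```shell
#!/bin/sh
# Added example: decide from a Snort 2.x command line whether -c was given.
# Assumption: subset of Snort options that consume an argument.
ARG_OPTS="AcFghikKlLmnPrStu"

# Print the argument of -c and return 0; return 1 when there is no -c.
snort_conf_from_cmdline() {
    set -f; set -- $1; set +f          # split into words without globbing
    if [ $# -gt 0 ]; then shift; fi    # drop argv[0], the snort binary
    while [ $# -gt 0 ]; do
        tok=$1; shift
        case $tok in
            --)  break ;;              # end of options
            --*) continue ;;           # long options: assumed not to set the config
            -?*) cluster=${tok#-} ;;
            *)   continue ;;           # non-option word, e.g. a BPF filter
        esac
        # Walk a getopt-style cluster: "-dev", "-dvc/etc/snort/snort.conf".
        while [ -n "$cluster" ]; do
            rest=${cluster#?}; opt=${cluster%"$rest"}; cluster=$rest
            case $ARG_OPTS in *"$opt"*) ;; *) continue ;; esac
            # opt takes an argument: rest of this token, else the next token.
            if [ -n "$cluster" ]; then val=$cluster; cluster=
            elif [ $# -gt 0 ]; then val=$1; shift
            else val=; fi
            if [ "$opt" = c ]; then printf '%s\n' "$val"; return 0; fi
        done
    done
    return 1
}

snort_mode() {
    if conf=$(snort_conf_from_cmdline "$1"); then
        echo "IDS mode, config $conf"
    else
        echo "not IDS mode (no -c)"
    fi
}

# Constructed sample command lines, as they would appear in a ps listing.
for line in "/usr/sbin/snort -dev -i eth0" \
            "/usr/sbin/snort -D -i eth0 -c /etc/snort/snort.conf"; do
    printf '%s\n  => %s\n' "$line" "$(snort_mode "$line")"
done
```

A "-c" that follows an option expecting its own argument (for example "-l -c") is consumed as that argument, so the function reports no config for it.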