[Snort-users] Continuous packet streaming on boot of CentOS 6.3 64 bit

Mayur Patil ram.nath241089 at ...11827...
Wed Jun 12 02:01:32 EDT 2013


Hello,

  Now I am able to log in to my CentOS system.

  Could anyone tell me what changes I should make there??

--
Cheers,
Mayur

On Tue, Jun 11, 2013 at 2:39 PM, Russ Combs <rcombs at ...1935...> wrote:

>
>
> On Tue, Jun 11, 2013 at 4:57 AM, Mayur Patil <ram.nath241089 at ...11827...>wrote:
>
>> Problem is that when I connect cable I am able to ping to machine but
>> still unable to ssh.
>>
>> When I try to do ssh from other machine, it says connection refused.
>>
>> Now I connect the cable and reboot system. When the system starts, it
>> automatically starts
>>
>> checking packets i.e. packet dump mode.
>>
>> I think Snort script is preventing CentOS to boot as GUI as well as CLI.
>>
>
> Most likely your system is just slow to respond to your input because it is
> bogged down dumping packets.
>
>>
>> I am pretty sure that this is Snort script problem.
>>
>
> Yes, and the solution is to disable the script or fix it as I explained
> earlier by adding a snort.conf to Snort's command line.  Adding a conf will
> allow Snort to inspect the traffic and output any alerts instead of dumping
> all the packets.
>
>>
>> Now what to do ??
>>
>
> Until you get Snort configured to do what you want, I suggest disabling
> the script from start up.  That depends on how you enabled the script.
>
>>
>> Please correct if I am wrong !!
>>
>> Seeking for your guidance,
>>
>> Thanks !!
>>
>> --
>> *Cheers,
>> Mayur*.
>>
>> On Tue, Jun 11, 2013 at 2:09 PM, Russ Combs <rcombs at ...1935...>wrote:
>>
>>>
>>>
>>> On Tue, Jun 11, 2013 at 4:26 AM, Mayur Patil <ram.nath241089 at ...11827...>wrote:
>>>
>>>> The snort message is as follows:
>>>>
>>>> Initializing output plugins !!
>>>>
>>>> pcap DAQ is configured to passive.
>>>>
>>>> Acquiring network traffic from "eth0"
>>>>
>>>> Decoding ethernet
>>>>
>>>>     --==Initialization Complete==--
>>>>
>>>> SNort
>>>> .
>>>> .
>>>> .
>>>> . //messages of version number
>>>> .
>>>> .
>>>> .
>>>>
>>>> Commencing packet processing (pid=1668)
>>>>
>>>> and stopped there !!
>>>>
>>>> I have unplugged n/w cable and got above output.
>>>>
>>>> Does "shell in" means getting grub console then yes !!
>>>>
>>>
>>> I meant ssh but if unplugging the cable works, that's great.
>>>
>>>>
>>>> I can get grub console.
>>>>
>>>> Looking forward for guidance,
>>>>
>>>
>>> I'm guessing that you are still in packet dump mode and that you really
>>> want IDS mode.  Do you know what the command line arguments to Snort are?
>>>  If it is running now you can do something like "ps alx | grep snort" to
>>> see.  You need to add -c snort.conf to run in IDS mode.
>>>
>>>>
>>>> On Tue, Jun 11, 2013 at 1:45 PM, Russ Combs <rcombs at ...1935...>wrote:
>>>>
>>>>>
>>>>>
>>>>> On Tue, Jun 11, 2013 at 4:12 AM, Mayur Patil <ram.nath241089 at ...11827...
>>>>> > wrote:
>>>>>
>>>>>> Thanks Russ sir for reply.
>>>>>>
>>>>>> My problem is I am unable to log into command line mode  i.e.
>>>>>> Ctrl+Alt+F2
>>>>>>
>>>>>> and also GUI mode of CentOS. And after that I have to add this path.
>>>>>>
>>>>>> Would you please guide me how to do that it will be a great help !!
>>>>>>
>>>>> Can you shell in?  If that doesn't work, try unplugging your network
>>>>> cable(s).
>>>>>
>>>>>
>>>>>> Thank you !!
>>>>>> --
>>>>>> *Cheers,
>>>>>> Mayur*.
>>>>>>
>>>>>> On Tue, Jun 11, 2013 at 1:33 PM, Russ Combs <rcombs at ...1935...>wrote:
>>>>>>
>>>>>>> On Tue, Jun 11, 2013 at 3:41 AM, Mayur Patil <
>>>>>>> ram.nath241089 at ...11827...> wrote:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>>  I am seeing something like this
>>>>>>>>
>>>>>>>>  06/11 11:0246  10.1.46.123:136 -> 10.1.46.255:137
>>>>>>>>  UDP:TTL :128 TOS:8 ID:20 IpLen:20 DgmLen:78 Len:50
>>>>>>>>
>>>>>>>>  in continuous streaming of packets.
>>>>>>>>
>>>>>>>>  Now I am sure that this is the Snort startup script
>>>>>>>> problem.....!!
>>>>>>>>
>>>>>>>>  At the starting I have seen message  *starting snort in packet
>>>>>>>> dump mode*
>>>>>>>>
>>>>>>>>  Please help how to disable this mode or disable snort script from
>>>>>>>> loading at boot time??
>>>>>>>>
>>>>>>>
>>>>>>> *Running in packet dump mode is because you don't have a "-c
>>>>>>> path/snort.conf" option on your command line. *
>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Jun 11, 2013 at 11:00 AM, Mayur Patil <
>>>>>>>> ram.nath241089 at ...11827...> wrote:
>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>>    I have stuck on one issue. I am unable to see either GUI or CLI
>>>>>>>>> for CentOS 6.3.
>>>>>>>>>
>>>>>>>>>    Description as follows:
>>>>>>>>>
>>>>>>>>>    I was just checking my snort script on centos machine
>>>>>>>>> yesterday. So I left machine as it is.
>>>>>>>>>
>>>>>>>>>    When I come today, screen location has changed on desktop so I
>>>>>>>>> adjusted and reboot.
>>>>>>>>>
>>>>>>>>>    When I reboot it takes much time to boot, so I press any key on
>>>>>>>>> keyboard it shows
>>>>>>>>>
>>>>>>>>>    fast continuous streaming, no idea of what, seems like to be
>>>>>>>>> many packets
>>>>>>>>>
>>>>>>>>>    Somewhat
>>>>>>>>>
>>>>>>>>>    UDP---TLS-----255.255.255.0 ------------------->
>>>>>>>>>
>>>>>>>>>     like this. When I try to load the Ctrl+Alt+f2 nothing happens.
>>>>>>>>>
>>>>>>>>>     I am also unable to login through Putty but I am able to ping
>>>>>>>>> the machine.
>>>>>>>>>
>>>>>>>>>     How to stop this packet streaming??
>>>>>>>>>
>>>>>>>>
>>>>>>>>
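
Added example, not part of the original thread: a small shell check for the diagnosis given above (no `-c snort.conf` on the command line means Snort dumps packets instead of running as an IDS). The function names, sample paths and the extra `-l` (packet logger) case from the Snort 2.x manual are assumptions of this example; the process list is constructed.

```shell
#!/bin/sh
# Added example: report which mode each running Snort 2.x process is in,
# judged only from its command line (the check "ps alx | grep snort" enables).

# snort_mode "<command line>"  ->  ids | packet-log | packet-dump
# Body runs in a subshell so that "set -f" (no globbing) stays local.
snort_mode() (
    set -f
    has_conf=0 has_log=0
    for tok in $1; do                # deliberate word splitting
        case "$tok" in
            -c|-c?*) has_conf=1 ;;   # "-c snort.conf" or "-csnort.conf"
            -l|-l?*) has_log=1 ;;    # "-l logdir": packet logger if no -c
        esac
    done
    if [ "$has_conf" -eq 1 ]; then echo ids
    elif [ "$has_log" -eq 1 ]; then echo packet-log
    else echo packet-dump            # every packet is printed to the console
    fi
)

# audit_snort: reads "PID ARGS..." lines on stdin and prints "PID MODE"
# for each process whose executable is named snort (skips "grep snort").
audit_snort() {
    while read -r pid args; do
        cmd=${args%% *}
        [ "${cmd##*/}" = snort ] || continue
        printf '%s %s\n' "$pid" "$(snort_mode "$args")"
    done
}

# Constructed sample in the format of `ps -eo pid,args` (header removed).
SAMPLE_PS='1668 /usr/sbin/snort -v -i eth0
2201 /usr/sbin/snort -D -i eth0 -c /etc/snort/snort.conf -l /var/log/snort
2305 grep snort'

printf '%s\n' "$SAMPLE_PS" | audit_snort
# Live use: ps -eo pid,args | audit_snort
```

A process reported as `packet-dump` is the one to stop or to restart with `-c` pointing at a valid snort.conf.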