[Snort-users] how enable icmp snort-2.9.6.1
hernani
coelho.hernani at ...16858...
Tue Jun 17 09:03:12 EDT 2014
On 17-06-2014 11:39, hernani wrote:
>
>> hello,
>>
>> I put in the preprocessor and the error disappeared, but Snort doesn't detect ICMP.
>>
>>
>> this is the portscan preprocessor
>>
>>
>> preprocessor sfportscan: proto { all } scan_type { all } memcap {
>> 10000000 } sense_level { High }
>>
>>
>>
>> and this
>>
>> preprocessor stream5_global: track_tcp yes, \
>> track_udp yes, \
>> track_icmp yes, \
>> max_tcp 262144, \
>> max_udp 131072, \
>> max_active_responses 2, \
>> min_response_seconds 5
>> Preprocessor stream5_icmp:
>>
>> thanks
>>
>> hernani coelho
>>
>>
> hello,
> *When I run this command --->* sudo /usr/local/snort/bin/snort -A
> console -u snort -g snort -c /usr/local/snort/etc/snort.conf -i wlan0
>
> *I get this error --->* WARNING: Stream5 ICMP misconfigured (policy 0).
> ERROR: Stream5 not properly configured... exiting
> Fatal Error, Quitting..
>
>
>
hello,
I made progress. When I run this command ---> sudo
/usr/local/snort/bin/snort -A console -u snort -g snort -c
/etc/snort/snort.conf -i wlan0
it gives this --->
Packet I/O Totals:
Received: 37
Analyzed: 37 (100.000%)
Dropped: 0 ( 0.000%)
Filtered: 0 ( 0.000%)
Outstanding: 0 ( 0.000%)
Injected: 0
===============================================================================
Breakdown by protocol (includes rebuilt packets):
Eth: 37 (100.000%)
VLAN: 0 ( 0.000%)
IP4: 37 (100.000%)
Frag: 0 ( 0.000%)
*ICMP: 20 ( 54.054%)*
UDP: 2 ( 5.405%)
TCP: 15 ( 40.541%)
IP6: 0 ( 0.000%)
IP6 Ext: 0 ( 0.000%)
IP6 Opts: 0 ( 0.000%)
Frag6: 0 ( 0.000%)
ICMP6: 0 ( 0.000%)
UDP6: 0 ( 0.000%)
TCP6: 0 ( 0.000%)
Teredo: 0 ( 0.000%)
ICMP-IP: 0 ( 0.000%)
IP4/IP4: 0 ( 0.000%)
IP4/IP6: 0 ( 0.000%)
IP6/IP4: 0 ( 0.000%)
IP6/IP6: 0 ( 0.000%)
GRE: 0 ( 0.000%)
GRE Eth: 0 ( 0.000%)
GRE VLAN: 0 ( 0.000%)
GRE IP4: 0 ( 0.000%)
GRE IP6: 0 ( 0.000%)
GRE IP6 Ext: 0 ( 0.000%)
GRE PPTP: 0 ( 0.000%)
GRE ARP: 0 ( 0.000%)
GRE IPX: 0 ( 0.000%)
GRE Loop: 0 ( 0.000%)
MPLS: 0 ( 0.000%)
ARP: 0 ( 0.000%)
IPX: 0 ( 0.000%)
Eth Loop: 0 ( 0.000%)
Eth Disc: 0 ( 0.000%)
IP4 Disc: 0 ( 0.000%)
IP6 Disc: 0 ( 0.000%)
TCP Disc: 0 ( 0.000%)
UDP Disc: 0 ( 0.000%)
ICMP Disc: 0 ( 0.000%)
All Discard: 0 ( 0.000%)
Other: 0 ( 0.000%)
Bad Chk Sum: 0 ( 0.000%)
Bad TTL: 0 ( 0.000%)
S5 G 1: 0 ( 0.000%)
S5 G 2: 0 ( 0.000%)
Total: 37
===============================================================================
Action Stats:
Alerts: 0 ( 0.000%)
Logged: 0 ( 0.000%)
Passed: 0 ( 0.000%)
Limits:
Match: 0
Queue: 0
Log: 0
Event: 0
Alert: 0
Verdicts:
Allow: 22 ( 59.459%)
Block: 0 ( 0.000%)
Replace: 0 ( 0.000%)
Whitelist: 15 ( 40.541%)
Blacklist: 0 ( 0.000%)
Ignore: 0 ( 0.000%)
===============================================================================
Frag3 statistics:
Total Fragments: 0
Frags Reassembled: 0
Discards: 0
Memory Faults: 0
Timeouts: 0
Overlaps: 0
Anomalies: 0
Alerts: 0
Drops: 0
FragTrackers Added: 0
FragTrackers Dumped: 0
FragTrackers Auto Freed: 0
Frag Nodes Inserted: 0
Frag Nodes Deleted: 0
===============================================================================
Stream5 statistics:
Total sessions: 1
TCP sessions: 0
UDP sessions: 1
ICMP sessions: 0
IP sessions: 0
TCP Prunes: 0
UDP Prunes: 0
ICMP Prunes: 0
IP Prunes: 0
TCP StreamTrackers Created: 0
TCP StreamTrackers Deleted: 0
TCP Timeouts: 0
TCP Overlaps: 0
TCP Segments Queued: 0
TCP Segments Released: 0
TCP Rebuilt Packets: 0
TCP Segments Used: 0
TCP Discards: 0
TCP Gaps: 0
UDP Sessions Created: 1
UDP Sessions Deleted: 1
UDP Timeouts: 0
UDP Discards: 0
Events: 0
Internal Events: 0
TCP Port Filter
Filtered: 0
Inspected: 0
Tracked: 0
UDP Port Filter
Filtered: 0
Inspected: 0
Tracked: 1
==============================
*So Snort detects ICMP but does not put it in BASE.*
Can someone help me?
hernani
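
Added example, not part of the original post: a small Python parser for Snort shutdown statistics in the layout quoted above, which separates the decoder's per-protocol packet counts from the alert count under "Action Stats". The sample text is constructed from a few lines of that output, and the function names and status labels are this example's own.

```python
import re

# Constructed sample: a few lines in the layout of the statistics quoted above,
# including one line wrapped in '*' the way the mail archive rendered bold text.
SAMPLE = """\
Breakdown by protocol (includes rebuilt packets):
Eth: 37 (100.000%)
*ICMP: 20 ( 54.054%)*
UDP: 2 ( 5.405%)
TCP: 15 ( 40.541%)
===============================================================================
Action Stats:
Alerts: 0 ( 0.000%)
Logged: 0 ( 0.000%)
===============================================================================
Frag3 statistics:
Alerts: 0
"""

COUNTER = re.compile(r"^([^:]+):\s*(\d+)")

def parse_stats(text):
    """Return {section: {counter: value}} for Snort's shutdown statistics."""
    stats, section = {}, None
    for raw in text.splitlines():
        line = raw.strip().strip("*").strip()
        if not line or set(line) == {"="}:
            continue                      # blank line or ===== separator
        m = COUNTER.match(line)
        if m and section is not None:
            stats[section][m.group(1).strip()] = int(m.group(2))
        elif line.endswith(":"):          # section header, e.g. "Action Stats:"
            section = re.sub(r"\s*\(.*\)$", "", line[:-1])
            stats[section] = {}
    return stats

def triage(stats, proto="ICMP"):
    """Classify a run: was the protocol decoded, and did anything alert?"""
    seen = stats.get("Breakdown by protocol", {}).get(proto, 0)
    alerts = stats.get("Action Stats", {}).get("Alerts", 0)
    if seen == 0:
        return "not-seen"            # decoder saw no packets of this protocol
    if alerts == 0:
        return "decoded-no-alerts"   # packets decoded, but no alert was generated
    return "alerts-generated"

if __name__ == "__main__":
    print(triage(parse_stats(SAMPLE)))
```

Keeping the counters per section matters because the same name ("Alerts") appears under both "Action Stats" and "Frag3 statistics".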