[Snort-users] Stuck at Commencing Packet Processing

Steve Gantz stephen.gantz at ...16854...
Mon Feb 16 19:59:15 EST 2015


You won't get anything from Snort if you are listening on a disabled interface (which is what your screenshot shows for interfaces 1 and 2). Try starting Snort with -i 3 and see if the results are different. You might consider just directing output to the screen (with -A console) while you are testing and save the syslog output for later. Also, the command shell window isn't "stuck" - unless you direct output to the screen the commencing packet processing is the last thing you will see when you start Snort successfully. Your startup command uses the -s option so j assume you intend to sent alerts to a syslog server. 

Dr. Stephen D. Gantz, CISSP-ISSAP, CEH, CGEIT, CRISC, CIPP/G, C|CISO

Professor of Information Assurance

The Graduate School

University of Maryland University College

stephen.gantz at ...16854...



> On Feb 16, 2015, at 2:04 PM, Lena Okanovic <lokanovic at ...17094...> wrote:
> 
> ​Hello,
> 
> I am new to Snort. I just recently downloaded and installed it on Windows 2008 box. I got the WinPcap and rules installed per instructions found on the internet. I also configured the snort.conf file to use Snort as IDS. Testing results come back without any errors. However, when I execute snort.exe -i1 -s -l C:\snort\log\ -c C:\Snort\etc\snort.conf I get no log created and the cmd prompt is stuck at Commencing Packet Processing
> 
> <pastedImage.png>
> 
> 
> I also chose Interface 1 because of my configuration. 1 and 2 have no IP and 3 is my management interface with IP settings assigned.
> 
> <pastedImage.png>
> 
> 
> What am I doing wrong? Oh, also, in the config file I left 'any' for the HOME_NET address.
> 
> 
> Thank you!
> 
> 
> 
> 
> 
> 
> 
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150216/ae3bc781/attachment.html>


More information about the Snort-users mailing list