[Snort-users] Stuck at Commencing Packet Processing

Al Lewis (allewi) allewi at ...589...
Mon Feb 16 18:44:01 EST 2015


Try running snort with the "-Acmg -k none" added to see if you get some output.

Remove the logging and see if that helps.



Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi at ...589...

From: Lena Okanovic [mailto:lokanovic at ...17094...]
Sent: Monday, February 16, 2015 6:38 PM
To: Al Lewis (allewi)
Cc: snort-users at lists.sourceforge.net
Subject: Re: Stuck at Commencing Packet Processing


This is what I see when I hit ctrl-C

[cid:image003.png at ...17104...]



How do I put the interface in promiscuous mode? After adding the network adapter, I went ahead and unchecked all of the option boxes under its properties so it's not interfering with capture of the traffic.

I did a quick WinDump and it's capturing the traffic on interface 2. However, I'm having the same issues on Snort with int 1 or 2 or 3.



Thank you,



Lena Okanovic

lokanovic at ...17094...

925-818-9142

________________________________
From: Al Lewis (allewi) <allewi at ...589...>
Sent: Monday, February 16, 2015 1:51 PM
To: Lena Okanovic
Cc: snort-users at lists.sourceforge.net
Subject: RE: Stuck at Commencing Packet Processing

Hello Lena,

What are you getting in the snort exit stats?

Are you sure that traffic is hitting the sniffing interface?
Is the interface in promiscuous mode?
Can you capture traffic off of that same interface with say tcpdump/wireshark running?

Hope this helps!

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi at ...589...

From: Lena Okanovic [mailto:lokanovic at ...17094...]
Sent: Monday, February 16, 2015 2:04 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Stuck at Commencing Packet Processing


Hello,

I am new to Snort. I just recently downloaded and installed it on a Windows 2008 box. I got the WinPcap and rules installed per instructions found on the internet. I also configured the snort.conf file to use Snort as an IDS. Testing results come back without any errors. However, when I execute snort.exe -i1 -s -l C:\snort\log\ -c C:\Snort\etc\snort.conf I get no log created and the cmd prompt is stuck at Commencing Packet Processing.

[cid:image004.png at ...17104...]



I also chose Interface 1 because of my configuration. 1 and 2 have no IP and 3 is my management interface with IP settings assigned.

[cid:image005.png at ...17104...]



What am I doing wrong? Oh, also, in the config file I left 'any' for the HOME_NET address.



Thank you!











