No subject


Thu Nov 23 16:36:19 EST 2017


From the output below, Snort probably isn't hanging...it's doing exactly what
you want.  The only thing is you aren't seeing any packets go by on the
interface you are listening to.

Run 'snort -W' to list all the available interfaces and make sure you are
listening to the interface you want by running 'snort -dv -i #' where # is
the number of the interface you want to listen on.  

Also, try generating some traffic on your local box to make sure you are
seeing things go by.

Tyler

--__--__--

Message: 1
Date: Tue, 5 Aug 2003 15:37:13 -0700 (PDT)
From: Ravi Malghan <rmalghan at ...131...>
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] newbie question

Hi: I just installed snort and winpcap on a W2K OS. I
have not made any changes. When I run snort.exe -dv,
it just hangs there. I do not see any packets. I do not
see any way to debug and see what's happening. I tried
pinging and telnetting to the host when this was
running. What am I missing here?

Thanks in advance.
RM
=================
C:\PROGS\Snort\bin>snort.exe -dv
Running in packet dump mode
Log directory = log

Initializing Network Interface
\Device\NPF_{C66249AC-E359-47DE-AF1D-DA41B5B303CE
}

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface
\Device\NPF_{C66249AC-E359-47DE-AF1D-DA41B5B303CE
}

        --== Initialization Complete ==--

-*> Snort! <*-
Version 2.0.1-ODBC-MySQL-FlexRESP-WIN32 (Build 88)
By Martin Roesch (roesch at ...1935...,
www.snort.org)
1.7-WIN32 Port By Michael Davis (mike at ...92...,
www.datanerds.net/~mike)
1.8 - 2.0 WIN32 Port By Chris Reid
(chris.reid at ...3029...)

========================

