Snort.org home  
Got Source? About Snort About Sourcefire Snort FAQ
Sourcefire Network Security - the creators of Snort
Snort News Downloads Snort Docs Rules Snort Community Snort Forums Snort Training
Search Site
Search Rules
Account
email
password
not registered?
user preferences

Snort Forums Archive

Archive Home » Snort Newbies » How can I tell if it is working?

Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.

[ Notice: Full Version of This Topic ]

How can I tell if it is working?


Posted by Sm00sh on March 10, 2005 14:28:17

I have snort up and running with winpcap 3.0, and using IDScenter 1.1 as a gui interface. Everything appears to be working but i don't really see any activity being logged other than system stuff. I would think winpcap is working correctly otherwise nmap or snort wouldn't work at all right? One thing that bothers me though is that when i look in protocols for the interface I am using, i don't see any entry for winpcap in there to select or deselect. I have tried to use both versions of windump and they failed. I am using XP Pro. Anyone else run into this issue?

Thank you,

Sm00sh

Posted by roesch on March 11, 2005 18:33:29

Hi Smoosh,

Try running snort in sniffer mode (snort -dv) and see if it prints packets to the screen. If you see packets then it's working fine...

-Marty


site feedback | Terms of Use | Privacy Policy | forum archives ©2008 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved.