Snort Forums Archive
quick answer needed
Posted by PRIYO on January 24, 2007 07:01:07
So at last, I've tried to use Snort with cmd..
Here's my situation:
I use XP SP1, I use an ADSL connection for internet, but currently I haven't tried Snort in my network, so I used my single comp to run Snort.. and this is what I get..
C:\Snort\bin>snort -v
Running in packet dump mode
--== Initializing Snort ==--
Initializing Output Plugins!
Var '\Device\NPF_{8EC8A8FB-9E7B-4E1D-A697-XXXXXXXXX}_ADDRESS' defined, value len = 25 chars, value = 192.168.1.0/255.255.255.0
Verifying Preprocessor Configurations!
***
*** interface device lookup found: \
***
Initializing Network Interface \Device\NPF_GenericDialupAdapter
Decoding Ethernet on interface \Device\NPF_GenericDialupAdapter
--== Initialization Complete ==--
,,_ -*> Snort! <*-
o" )~ Version 2.6.1.2-ODBC-MySQL-FlexRESP-WIN32 (Build 34)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2006 Sourcefire Inc., et al.
Not Using PCAP_FRAMES
*** Caught Int-Signal
===============================================================================
Snort received 0 packets
Analyzed: 0(0.000%)
Dropped: 0(0.000%)
Outstanding: 0(0.000%)
===============================================================================
Breakdown by protocol:
TCP: 0 (0.000%)
UDP: 0 (0.000%)
ICMP: 0 (0.000%)
ARP: 0 (0.000%)
EAPOL: 0 (0.000%)
IPv6: 0 (0.000%)
ETHLOOP: 0 (0.000%)
IPX: 0 (0.000%)
FRAG: 0 (0.000%)
OTHER: 0 (0.000%)
DISCARD: 0 (0.000%)
===============================================================================
Action Stats:
ALERTS: 0
LOGGED: 0
PASSED: 0
===============================================================================
Snort exiting
Posted by PRIYO on January 24, 2007 07:16:15
Oops, I forgot, my question is: does it have to run in a network? Can't I test my Snort on a single computer connected to the internet? Seems like Snort doesn't read any incoming signals.. or is it because of my configuration?
I'd appreciate it if some of the gurus here could explain this step by step and clearly..
Thanks in advance
Posted by Donta on January 25, 2007 02:02:25
No, you can run it on one PC, using your ADSL connection + Snort on your own PC.
1. If you happen to be using two network cards on your PC, make sure you select the right network adapter that you use for your internet connection.
2. Type from cmd: snort -W (to see details of your NIC(s)).
3. If you're really using 2 adapters, use the "-ix" command to choose which adapter you'd use. Replace x with the number of your applicable adapter (shown in the output of the -W command). For instance: snort -v -i1 (this command will run Snort as a packet sniffer on your #1 adapter).
4. Voilà. Hope that works.
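
A health check for the symptom in this thread, as an added example that is not part of the original posts: it parses Snort's console output, reports which interface the run bound to, and flags a run that received 0 packets. The sample text is abridged from the first post; the function names and finding strings are assumptions of this example.

```python
import re

# Constructed sample: abridged from the console output quoted in the first post.
SAMPLE = r"""Running in packet dump mode
Initializing Network Interface \Device\NPF_GenericDialupAdapter
Decoding Ethernet on interface \Device\NPF_GenericDialupAdapter
*** Caught Int-Signal
Snort received 0 packets
Analyzed: 0(0.000%)
Dropped: 0(0.000%)
"""

IFACE_RE = re.compile(r"^Initializing Network Interface (\S+)", re.M)
RECV_RE = re.compile(r"^Snort received (\d+) packets", re.M)
STAT_RE = re.compile(r"^\s*(Analyzed|Dropped):\s*(\d+)\(", re.M)


def parse_run(text):
    """Extract the capture interface and packet counters from one Snort run."""
    iface = IFACE_RE.search(text)
    recv = RECV_RE.search(text)
    stats = {name.lower(): int(count) for name, count in STAT_RE.findall(text)}
    return {
        "interface": iface.group(1) if iface else None,
        "received": int(recv.group(1)) if recv else None,
        **stats,
    }


def diagnose(run):
    """Return a list of findings for a sensor health check (hypothetical helper)."""
    findings = []
    if run["interface"] is None:
        findings.append("no interface line: Snort did not finish initializing")
    elif "GenericDialupAdapter" in run["interface"]:
        findings.append("bound to the WinPcap generic dial-up adapter; "
                        "list adapters with 'snort -W' and pick one with -i")
    if run["received"] == 0:
        findings.append("0 packets received: sensor is blind on this interface")
    elif run["received"] and run.get("dropped", 0) > 0:
        findings.append("packets dropped: sensor is losing traffic")
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_run(SAMPLE)):
        print(finding)
```
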
Posted by PRIYO on January 25, 2007 06:06:18
Reckless me. Thanks, Mr. Donta, it's working properly.