Snort Forums Archive
problem running in snort on windows xp
Posted by azfar on January 31, 2007 00:52:50
I am trying to run Snort on Windows XP SP2. For that I installed WinPcap 2.3 and Snort 2.3.3, then ran Snort like this:
snort -l C:\Snort\Log -c C:\Snort\etc\snort.conf -A console
Then I pinged my box from an external network like this:
ping -l 45678 my.snort.box
Snort doesn't detect it; no alert.
Then I added a rule as follows:
alert udp any any <> any 27015 (msg: "udp replace";content: "\"\\\""; replace: " ";)
It returns an error that
alert udp any any <> any 27015 (msg: "udp replace";content: "\"\\\""; replace: " ";)
Where am I wrong? Is there any place to find a detailed guide for Windows installation?
Posted by azfar on January 31, 2007 00:53:28
Sorry, the error was
ERROR: Warning: ../rules/cs.rules(10) => Unknown keyword ' replace' in rule!
Posted by azfar on January 31, 2007 01:49:55
Actually, I want to block this content:
$q=$cmd."connect 47 $c2 \"\\prot\\4\\unique\\0\\raw\\valve\\cdkey\\f0ef8a36258af1bb64ed866538c9db76\"\"\\\"\0\0";
It's a script to crash hlds servers.
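What the content string in the rule above actually matches, as an added example that is not part of the original thread: a simplified Python model of the content escaping documented for Snort 2.x (a backslash escapes the next character, |..| encloses hex bytes), not Snort's own parser. The function names, the tighter pattern and both sample payloads are constructed for illustration.

```python
# Added example: simplified model of Snort 2.x content-string decoding.
# Assumption: "\" escapes the next character and |..| holds hex bytes.

def decode_content(s: str) -> bytes:
    """Turn the text between the quotes of content:"..." into raw bytes."""
    out = bytearray()
    i, in_hex, hex_buf = 0, False, ""
    while i < len(s):
        ch = s[i]
        if in_hex:
            if ch == "|":                      # end of hex block
                out += bytes.fromhex(hex_buf)  # ValueError on bad hex
                in_hex, hex_buf = False, ""
            elif not ch.isspace():
                hex_buf += ch
        elif ch == "\\":                       # escaped literal character
            i += 1
            if i >= len(s):
                raise ValueError("dangling backslash")
            out += s[i].encode("latin-1")
        elif ch == "|":                        # start of hex block
            in_hex = True
        else:
            out += ch.encode("latin-1")
        i += 1
    if in_hex:
        raise ValueError("unterminated |hex| block")
    return bytes(out)

def matches(payload: bytes, content: str) -> bool:
    """True if the decoded content occurs anywhere in the payload."""
    return decode_content(content) in payload

# Content option from the rule in the thread, outer quotes removed.
THREAD_CONTENT = r'\"\\\"'
# Hypothetical tighter pattern: both quotes, the backslash, and the two NULs.
TIGHTER_CONTENT = r'\"\"\\\"|00 00|'

# Constructed payloads (not captured traffic); CDKEY is a placeholder.
CRASH_TAIL = b'connect 47 1 "\\prot\\4\\cdkey\\CDKEY""\\"\x00\x00'
BENIGN = b'say "\\"'

if __name__ == "__main__":
    for name, pat in (("thread", THREAD_CONTENT), ("tighter", TIGHTER_CONTENT)):
        print(name, decode_content(pat),
              "crash:", matches(CRASH_TAIL, pat), "benign:", matches(BENIGN, pat))
```

The thread's pattern decodes to only three bytes and also matches the constructed benign payload; the longer pattern matches only the crash packet's tail.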
Posted by ph4tp1g on January 31, 2007 15:10:44
Try this:
snort -v -ix (x = interface)
If you do not know the interface number, do this:
snort -W (MUST be capital)
This will show all interfaces
Then run snort -v -i2 if 2 was the correct interface
Now from the snort box open a webpage. If configured correctly you will see some action. :-)