Snort mailing list archives
installation problem
From: Deepika p <dgpks1 () gmail com>
Date: Thu, 21 Jun 2012 09:39:03 -0400
Sir, we have chosen a project on Snort, but the installation itself became a big problem. We have chosen the Windows operating system, and when we run the following command in the command prompt:

\> snort -A console -i2 -c c:\snort\etc\snort.conf -l c:\snort\log -K ascii

we got the following lines at the end:

Encoded Rule Plugin SID: 16662, GID: 3 not registered properly. Disabling this rule.
Encoded Rule Plugin SID: 13511, GID: 3 not registered properly. Disabling this rule.
Encoded Rule Plugin SID: 18663, GID: 3 not registered properly. Disabling this rule.
Encoded Rule Plugin SID: 13969, GID: 3 not registered properly. Disabling this rule.
Encoded Rule Plugin SID: 20135, GID: 3 not registered properly. Disabling this rule.
Encoded Rule Plugin SID: 16577, GID: 3 not registered properly. Disabling this rule.
Encoded Rule Plugin SID: 16375, GID: 3 not registered properly. Disabling this rule.
Encoded Rule Plugin SID: 13475, GID: 3 not registered properly. Disabling this rule.
Encoded Rule Plugin SID: 15470, GID: 3 not registered properly. Disabling this rule.
Encoded Rule Plugin SID: 15125, GID: 3 not registered properly. Disabling this rule.
Encoded Rule Plugin SID: 15503, GID: 3 not registered properly. Disabling this rule.
Encoded Rule Plugin SID: 13954, GID: 3 not registered properly. Disabling this rule.
Encoded Rule Plugin SID: 16237, GID: 3 not registered properly. Disabling this rule.
Encoded Rule Plugin SID: 16182, GID: 3 not registered properly. Disabling this rule.
Encoded Rule Plugin SID: 16534, GID: 3 not registered properly. Disabling this rule.
Encoded Rule Plugin SID: 13287, GID: 3 not registered properly. Disabling this rule.
Verifying Preprocessor Configurations!
ICMP tracking disabled, no ICMP sessions allocated
IP tracking disabled, no IP sessions allocated
WARNING: flowbits key 'file.cdr' is checked but not ever set.
WARNING: flowbits key 'file.chm' is set but not ever checked.
WARNING: flowbits key 'file.xul' is set but not ever checked.
WARNING: flowbits key 'file.smil' is set but not ever checked. WARNING: flowbits key 'file.emf' is set but not ever checked. WARNING: flowbits key 'file.jarpack' is set but not ever checked. WARNING: flowbits key 'file.universalbinary' is set but not ever checked. WARNING: flowbits key 'file.gif' is set but not ever checked. WARNING: flowbits key 'file.pdf' is set but not ever checked. WARNING: flowbits key 'file.png' is set but not ever checked. WARNING: flowbits key 'file.doc' is set but not ever checked. WARNING: flowbits key 'file.zip' is set but not ever checked. WARNING: flowbits key 'file.rtf' is set but not ever checked. WARNING: flowbits key 'file.xbm' is set but not ever checked. WARNING: flowbits key 'file.sln' is set but not ever checked. WARNING: flowbits key 'file.xm' is set but not ever checked. WARNING: flowbits key 'file.caff' is set but not ever checked. WARNING: flowbits key 'file.wmv' is set but not ever checked. WARNING: flowbits key 'file.swf' is set but not ever checked. WARNING: flowbits key 'tlsv1.server_hello.request' is checked but not ever set. WARNING: flowbits key 'file.addin' is set but not ever checked. WARNING: flowbits key 'file.wps' is set but not ever checked. WARNING: flowbits key 'file.pub' is set but not ever checked. WARNING: flowbits key 'file.pct' is set but not ever checked. WARNING: flowbits key 'file.tiff.little' is set but not ever checked. WARNING: flowbits key 'tlsv1.client_hello.request' is checked but not ever set. WARNING: flowbits key 'file.pls' is set but not ever checked. WARNING: flowbits key 'trojan.nervos' is set but not ever checked. WARNING: flowbits key 'file.lnk' is set but not ever checked. WARNING: flowbits key 'backdoor.fearless.runtime' is checked but not ever set. WARNING: flowbits key 'file.smi' is set but not ever checked. WARNING: flowbits key 'file.slk' is set but not ever checked. WARNING: flowbits key 'file.xspf' is set but not ever checked. 
WARNING: flowbits key 'file.quicktime.mp4' is set but not ever checked. WARNING: flowbits key 'file.dbp' is set but not ever checked. WARNING: flowbits key 'backdoor.asylum.connect' is checked but not ever set. WARNING: flowbits key 'file.otf' is set but not ever checked. WARNING: flowbits key 'file.qcp' is set but not ever checked. WARNING: flowbits key 'ABSystemSpy_Inforetrieve1' is set but not ever checked. WARNING: flowbits key 'file.ttf' is set but not ever checked. WARNING: flowbits key 'file.tiff' is set but not ever checked. WARNING: flowbits key 'file.visprj' is set but not ever checked. WARNING: flowbits key 'file.aiff' is set but not ever checked. WARNING: flowbits key 'AOLAdmin1.1.connection' is checked but not ever set. WARNING: flowbits key 'file.wav' is set but not ever checked. WARNING: flowbits key 'file.torrent' is set but not ever checked. WARNING: flowbits key 'oracle.connect' is checked but not ever set. WARNING: flowbits key 'file.asx' is set but not ever checked. WARNING: flowbits key 'file.fpx' is set but not ever checked. WARNING: flowbits key 'file.realplayer.playlist' is set but not ever checked. WARNING: flowbits key 'file.mp3' is set but not ever checked. WARNING: flowbits key 'file.ole' is set but not ever checked. WARNING: flowbits key 'dorkbot.ircinit' is set but not ever checked. WARNING: flowbits key 'file.mswmm' is set but not ever checked. WARNING: flowbits key 'file.dxf' is set but not ever checked. WARNING: flowbits key 'file.ogg' is set but not ever checked. WARNING: flowbits key 'file.xls' is set but not ever checked. WARNING: flowbits key 'file.engtesselate' is set but not ever checked. WARNING: flowbits key 'file.pkp' is set but not ever checked. WARNING: flowbits key 'file.avi.video' is set but not ever checked. WARNING: flowbits key 'file.pmd' is set but not ever checked. WARNING: flowbits key 'file.class' is set but not ever checked. WARNING: flowbits key 'file.visio' is set but not ever checked. 
WARNING: flowbits key 'backdoor.y3krat_15.client.response' is checked but not ev er set. WARNING: flowbits key 'file.4xm' is set but not ever checked. WARNING: flowbits key 'backdoor.donalddick.1.5.b.3.conn' is checked but not ever set. WARNING: flowbits key 'file.m3u' is set but not ever checked. WARNING: flowbits key 'file.bmp' is set but not ever checked. WARNING: flowbits key 'sslv2.server_hello.request' is checked but not ever set. WARNING: flowbits key 'file.xlw' is set but not ever checked. WARNING: flowbits key 'file.psfont' is set but not ever checked. WARNING: flowbits key 'file.ani' is set but not ever checked. WARNING: flowbits key 'file.realmedia' is set but not ever checked. WARNING: flowbits key 'file.quicktime' is set but not ever checked. WARNING: flowbits key 'file.wmf' is set but not ever checked. WARNING: flowbits key 'file.jpeg' is set but not ever checked. WARNING: flowbits key 'file.vap' is set but not ever checked. WARNING: flowbits key 'file.hpj' is set but not ever checked. WARNING: flowbits key 'file.eot' is set but not ever checked. WARNING: flowbits key 'file.works' is set but not ever checked. WARNING: flowbits key 'file.cue' is set but not ever checked. WARNING: flowbits key 'file.avi' is set but not ever checked. WARNING: flowbits key 'kit.blackhole' is set but not ever checked. WARNING: flowbits key 'file.flv' is set but not ever checked. WARNING: flowbits key 'file.dmg' is set but not ever checked. WARNING: flowbits key 'file.tiff.big' is set but not ever checked. WARNING: flowbits key 'file.eps' is set but not ever checked. WARNING: flowbits key 'file.xml' is set but not ever checked. WARNING: flowbits key 'file.asf' is set but not ever checked. WARNING: flowbits key 'file.dir' is set but not ever checked. WARNING: flowbits key 'file.xpm' is set but not ever checked. WARNING: flowbits key 'file.pptx' is set but not ever checked. 98 out of 1024 flowbits in use. 
[ Port Based Pattern Matching Memory ]
+- [ Aho-Corasick Summary ] -------------------------------------
| Storage Format    : Full-Q
| Finite Automaton  : DFA
| Alphabet Size     : 256 Chars
| Sizeof State      : Variable (1,2,4 bytes)
| Instances         : 75
|     1 byte states : 66
|     2 byte states : 9
|     4 byte states : 0
| Characters        : 11282
| States            : 8191
| Transitions       : 176281
| State Density     : 8.4%
| Patterns          : 963
| Match States      : 930
| Memory (MB)       : 3.98
|   Patterns        : 0.07
|   Match Lists     : 0.09
|   DFA
|     1 byte states : 0.34
|     2 byte states : 3.39
|     4 byte states : 0.00
+----------------------------------------------------------------
[ Number of patterns truncated to 20 bytes: 124 ]
pcap DAQ configured to passive.
The DAQ version does not support reload.
Acquiring network traffic from "\Device\NPF_{3B066531-94C4-4299-B2D6-3F3A0E2E98B1}".
Decoding Ethernet

        --== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.2.3-ODBC-MySQL-WIN32 GRE (Build 205)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2012 Sourcefire, Inc., et al.
           Using PCRE version: 8.10 2010-06-25
           Using ZLIB version: 1.2.3

           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.15  <Build 18>
           Preprocessor Object: SF_SSLPP  Version 1.1  <Build 4>
           Preprocessor Object: SF_SSH  Version 1.1  <Build 3>
           Preprocessor Object: SF_SMTP  Version 1.1  <Build 9>
           Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
           Preprocessor Object: SF_SDF  Version 1.1  <Build 1>
           Preprocessor Object: SF_REPUTATION  Version 1.1  <Build 1>
           Preprocessor Object: SF_POP  Version 1.0  <Build 1>
           Preprocessor Object: SF_MODBUS  Version 1.1  <Build 1>
           Preprocessor Object: SF_IMAP  Version 1.0  <Build 1>
           Preprocessor Object: SF_GTP  Version 1.1  <Build 1>
           Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13>
           Preprocessor Object: SF_DNS  Version 1.1  <Build 4>
           Preprocessor Object: SF_DNP3  Version 1.1  <Build 1>
           Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 3>
Commencing packet processing (pid=2128)

After this, pressing Ctrl+C gives the following output, even though we ran it for 30 minutes and opened many HTTP and FTP web sites:

*** Caught Int-Signal
===============================================================================
Run time for packet processing was 356.27000 seconds
Snort processed 0 packets.
Snort ran for 0 days 0 hours 5 minutes 56 seconds Pkts/min: 0 Pkts/sec: 0 =============================================================================== Packet I/O Totals: Received: 0 Analyzed: 0 ( 0.000%) Dropped: 0 ( 0.000%) Filtered: 0 ( 0.000%) Outstanding: 0 ( 0.000%) Injected: 0 =============================================================================== Breakdown by protocol (includes rebuilt packets): Eth: 0 ( 0.000%) VLAN: 0 ( 0.000%) IP4: 0 ( 0.000%) Frag: 0 ( 0.000%) ICMP: 0 ( 0.000%) UDP: 0 ( 0.000%) TCP: 0 ( 0.000%) IP6: 0 ( 0.000%) IP6 Ext: 0 ( 0.000%) IP6 Opts: 0 ( 0.000%) Frag6: 0 ( 0.000%) ICMP6: 0 ( 0.000%) UDP6: 0 ( 0.000%) TCP6: 0 ( 0.000%) Teredo: 0 ( 0.000%) ICMP-IP: 0 ( 0.000%) EAPOL: 0 ( 0.000%) IP4/IP4: 0 ( 0.000%) IP4/IP6: 0 ( 0.000%) IP6/IP4: 0 ( 0.000%) IP6/IP6: 0 ( 0.000%) GRE: 0 ( 0.000%) GRE Eth: 0 ( 0.000%) GRE VLAN: 0 ( 0.000%) GRE IP4: 0 ( 0.000%) GRE IP6: 0 ( 0.000%) GRE IP6 Ext: 0 ( 0.000%) GRE PPTP: 0 ( 0.000%) GRE ARP: 0 ( 0.000%) GRE IPX: 0 ( 0.000%) GRE Loop: 0 ( 0.000%) MPLS: 0 ( 0.000%) ARP: 0 ( 0.000%) IPX: 0 ( 0.000%) Eth Loop: 0 ( 0.000%) Eth Disc: 0 ( 0.000%) IP4 Disc: 0 ( 0.000%) IP6 Disc: 0 ( 0.000%) TCP Disc: 0 ( 0.000%) UDP Disc: 0 ( 0.000%) ICMP Disc: 0 ( 0.000%) All Discard: 0 ( 0.000%) Other: 0 ( 0.000%) Bad Chk Sum: 0 ( 0.000%) Bad TTL: 0 ( 0.000%) S5 G 1: 0 ( 0.000%) S5 G 2: 0 ( 0.000%) Total: 0 =============================================================================== Action Stats: Alerts: 0 ( 0.000%) Logged: 0 ( 0.000%) Passed: 0 ( 0.000%) Limits: Match: 0 Queue: 0 Log: 0 Event: 0 Alert: 0 Verdicts: Allow: 0 ( 0.000%) Block: 0 ( 0.000%) Replace: 0 ( 0.000%) Whitelist: 0 ( 0.000%) Blacklist: 0 ( 0.000%) Ignore: 0 ( 0.000%) =============================================================================== Frag3 statistics: Total Fragments: 0 Frags Reassembled: 0 Discards: 0 Memory Faults: 0 Timeouts: 0 Overlaps: 0 Anomalies: 0 Alerts: 0 Drops: 0 FragTrackers Added: 0 FragTrackers Dumped: 0 FragTrackers 
Auto Freed: 0 Frag Nodes Inserted: 0 Frag Nodes Deleted: 0 =============================================================================== Stream5 statistics: Total sessions: 0 TCP sessions: 0 UDP sessions: 0 ICMP sessions: 0 IP sessions: 0 TCP Prunes: 0 UDP Prunes: 0 ICMP Prunes: 0 IP Prunes: 0 TCP StreamTrackers Created: 0 TCP StreamTrackers Deleted: 0 TCP Timeouts: 0 TCP Overlaps: 0 TCP Segments Queued: 0 TCP Segments Released: 0 TCP Rebuilt Packets: 0 TCP Segments Used: 0 TCP Discards: 0 TCP Gaps: 0 UDP Sessions Created: 0 UDP Sessions Deleted: 0 UDP Timeouts: 0 UDP Discards: 0 Events: 0 Internal Events: 0 TCP Port Filter Dropped: 0 Inspected: 0 Tracked: 0 UDP Port Filter Dropped: 0 Inspected: 0 Tracked: 0 =============================================================================== =============================================================================== SMTP Preprocessor Statistics Total sessions : 0 Max concurrent sessions : 0 =============================================================================== dcerpc2 Preprocessor Statistics Total sessions: 0 =============================================================================== =============================================================================== SIP Preprocessor Statistics Total sessions: 0 =============================================================================== Snort exiting

Please let me know how to set this up for output, what modifications need to be made in the snort.conf file so that actual output comes, and I'll be glad if you tell us the rules to be added for alerting and blocking on Windows 7. The version of Snort is 2.9.2.3.
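An added sensor-health check (example code written for this archive page, not from the Snort project or the poster) that parses the console output quoted above and flags the three conditions it shows: a run that received zero packets, GID-3 rules that Snort disabled, and flowbits that are checked but never set. The sample lines are a constructed excerpt with a placeholder interface GUID; the `snort -W` hint in the message refers to Snort's own Windows interface-listing switch.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of the Snort 2.9 console output quoted in the post,
# trimmed to the lines the parser reads; the interface GUID is a placeholder.
SAMPLE_OUTPUT = """\
Encoded Rule Plugin SID: 16662, GID: 3 not registered properly.  Disabling this rule.
Encoded Rule Plugin SID: 13511, GID: 3 not registered properly.  Disabling this rule.
WARNING: flowbits key 'file.cdr' is checked but not ever set.
WARNING: flowbits key 'file.chm' is set but not ever checked.
Acquiring network traffic from "\\Device\\NPF_{PLACEHOLDER-GUID}".
Snort processed 0 packets.
   Received:            0
"""

PATTERNS = {
    "disabled": re.compile(r"Encoded Rule Plugin SID: (\d+), GID: (\d+) not registered properly"),
    "unset_flowbit": re.compile(r"flowbits key '([^']+)' is checked but not ever set"),
    "iface": re.compile(r'Acquiring network traffic from "([^"]+)"'),
    "received": re.compile(r"^\s*Received:\s+(\d+)"),
}

@dataclass
class SnortRunReport:
    interface: str
    received: int          # -1 when no "Packet I/O Totals" summary was seen
    disabled_rules: list   # (gid, sid) pairs Snort refused to load
    unset_flowbits: list   # flowbits that are checked but never set

    def problems(self) -> list:
        # Findings a sensor-health job would raise for this run
        out = []
        if self.received == 0:
            out.append(f"no packets received on {self.interface!r}: verify the -i index against 'snort -W' and that the capture driver is installed")
        if self.disabled_rules:
            out.append(f"{len(self.disabled_rules)} GID-3 (shared-object) rules disabled; their detections are silent until the SO rule libraries load")
        if self.unset_flowbits:
            out.append(f"{len(self.unset_flowbits)} flowbits checked but never set; rules gated on them can never fire")
        return out

def parse_snort_output(text: str) -> SnortRunReport:
    # Scan line by line and keep each pattern's capture groups
    hits = {name: [] for name in PATTERNS}
    for line in text.splitlines():
        for name, pat in PATTERNS.items():
            if m := pat.search(line):
                hits[name].append(m.groups())
    return SnortRunReport(
        interface=hits["iface"][0][0] if hits["iface"] else "",
        received=int(hits["received"][-1][0]) if hits["received"] else -1,
        disabled_rules=[(int(gid), int(sid)) for sid, gid in hits["disabled"]],
        unset_flowbits=[key for (key,) in hits["unset_flowbit"]],
    )
```

Run `parse_snort_output(SAMPLE_OUTPUT).problems()` to get the three findings for the quoted run; feeding it a summary with a non-zero `Received:` count and no warnings returns an empty list.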