Questions tagged [snort]
Snort is an open source intrusion prevention system capable of real-time traffic analysis and packet logging.
53 questions
0
votes
0
answers
16
views
Snort: <dir> and <var> paths
Where should I look for the paths for dir and var in config daq in snort.conf?
0
votes
1
answer
133
views
ERROR: Can't start DAQ (-1) - Error opening adapter [SNORT]
When I used the command snort -c C:\Snort\etc\snort.conf -A console -i eth0 in cmd I got this error
Also I've checked this question, but it didn't help me, because after removing wpcap.dll and Packet....
1
vote
1
answer
238
views
Snort: Error with configuration
I've tried to initialize Snort through the command "snort -T -c c:\snort\etc\snort.conf" but it interrupts:
ERROR: c:\snort\etc\c:\Snort\rules\preproc_rules(0) Unable to open rules file "c:\...
0
votes
1
answer
746
views
How can I fix this error?
I installed the Snort IDS system on Windows 11 and when I tried to run this command:
snort -i 4 -c c:\snort\etc\snort.conf -T
as mentioned in a YouTube video I encountered this error:
ERROR: c:\snort\etc\...
1
vote
0
answers
735
views
Generate alert from pcap file with Snort
I'm learning to use Snort by myself and I can't figure out if I'm generating alerts from a file well.
The rules I have in local.rules are:
alert icmp any any -> any any (msg:"Testing ICMP"...
0
votes
0
answers
974
views
Starting Snort gives an Error on Windows 10?
I installed Snort on Windows 10, but when I try to start it with snort -V it gives back an error: could not find VCRUNTIME140.dll.
I tried to reinstall/repair the program Snort, but it gives the same ...
1
vote
0
answers
404
views
SNORT Conf File MACOS
I installed SNORT using brew install snort. However, there is no configuration file installed (snort.conf). Is this normal? How do I manage rules then?
Also, when I run SNORT, there is the error ...
1
vote
0
answers
136
views
Snort causing DHCP ACK spam in VirtualBox internal network
I have an internal network (10.10.0.0/24) in VirtualBox which has been configured with a DHCP server using VBoxManage. There are 3 VMs on the network, Ubuntu 16 (10.10.0.2 & 10.10.0.5), Ubuntu 18 (...
1
vote
1
answer
707
views
Decrypt HTTPS traffic for IDS and encrypt it and send it again
So I have this architecture in VirtualBox:
Client <--> IDS <--> server
where all of the machines are implemented in Kali Linux and I am currently hosting a website on the Server which is ...
1
vote
1
answer
818
views
Using Gateway's Link-Local v6 Address for LAN Client's IPv6 Gateway Setting... What Is The Source IP For Packets From Clients As Seen By The Gateway?
I'm still wrapping my head around the finer points of IPv6. It just hasn't been a priority to mess with it much and I didn't have the personal interest until my latest little project. However, one ...
1
vote
2
answers
6k
views
Snort 2.9.13 Error: Can't start DAQ (-1) --> Fatal Error quitting
I have installed Snort 2.9.13 on Windows 10. When I try to check the interfaces with Snort -W, it doesn't show any. However, using Windows' ipconfig they are visible.
When I test Snort using snort -i ...
0
votes
1
answer
984
views
Manjaro Linux snort installation : ERROR! dnet header not found
I want to install Snort on Manjaro Linux. Snort is not available on pacman and I tried to install it via the code below.
pamac build snort
I am getting this error
ERROR! dnet header not found, go get it ...
1
vote
0
answers
1k
views
Snort can’t start and says it failed to parse the IP address: 8.0.0.0/8.0.0.0
I need to use Snort in Windows.
I've done the configuration several times but no luck. Snort always returns output like this
The Snort configuration file can be found here on Google Drive.
0
votes
1
answer
513
views
Custom Snort rule prevents me from starting the WAN interface
I'm having an issue where when I add a custom rule to my WAN interface (SNORT), I can't start the interface, not even the simplest ping rules work now despite having worked just fine all day.
Trouble ...
0
votes
1
answer
2k
views
Configuring virtual network interface as sniffing interface
I have a Snort IDS running Ubuntu Server 16.04 with one physical ethernet interface (eno1). I have configured two virtual network interfaces using the eno1 interface: eno1:0 for the sniffing interface ...
1
vote
0
answers
190
views
Configuring virtual network interface as sniffing interface
I have a Snort IDS running Ubuntu Server 16.04 with one physical ethernet interface (eno1). I have configured two virtual network interfaces using the eno1 interface: eno1:0 for the sniffing interface ...
0
votes
1
answer
9k
views
Snort finding the alert file DATA with snort.logs.xxxxxxx
I'm working on a task where my security team is asking me to provide a pcap file under the folder /var/log/snort. They have picked up a source IPADDRESS from an alert file and they need to do more ...
0
votes
0
answers
125
views
Snort Cannot send alert to database
I have a problem with Snort on Ubuntu Server 14.04.
I don't know why, if my server goes down because the electricity goes down and if I add some table or add privileges on the Snort database (mysql), ...
1
vote
1
answer
723
views
fwsnort won't apply rules in iptables
I'm using Debian 8, and I want to update fwsnort rules through this command:
fwsnort --update-rules
Though after downloading 9.4 MB of rules in '/etc/fwsnort/snort_rules/emerging-all.rules' file, it ...
0
votes
1
answer
2k
views
Snort 'make install' error on Linux
I'm trying to install Snort on Debian and I get this error after 'make install':
make[6]: Nothing to be done for 'install-exec-am'.
/bin/mkdir -p '/usr/local/lib/snort_dynamicengine'
/bin/bash ../....
0
votes
1
answer
812
views
Snort running with pfSense
First of all, I am sorry about my English skill.
I have a topology and I want to integrate the Snort with pfSense.
Can pfSense auto add firewall rules when Snort alerts?
Does pfSense have a function to ...
0
votes
1
answer
208
views
Snort installation on Windows: missing database config line in snort.conf
I installed Snort on Windows 7, and added all the rules and everything works fine for me.
The thing that I want to add is to save alerts in a MySQL database. In my case, in some tutorials that I found ...
1
vote
0
answers
37
views
How can I autonomously dump/push the AP logs from the assortment of devices without logging into each?
I am running an AWS OpenVPN EC2 server providing a VPN for mobile devices.
Additionally, I am managing an OpenWRT in my house, an ISP provided Linksys in another state, and a mid-grade Cisco Aironet ...
-1
votes
1
answer
87
views
Bash: I want to count letters and substitute text
OK so I'm extremely new to bash shell scripting and I've been pretty successful up until this point. I'm using BASH to fix a problem...
I want to turn a basic domain name:
Buddies.forlife.com
into
|...
0
votes
2
answers
1k
views
How can I type "Edit /etc/snort/snort.conf " in Mac terminal?
Please help me with:
Configuration:
Copy the default configuration file from the package into the /etc/snort directory:
cp ./etc/* /etc/snort/
Edit /etc/snort/snort.conf and make the ...
0
votes
1
answer
2k
views
How to Edit /etc/snort/snort.conf on Mac OS X
Configuration
1-Copy the default configuration file from the package into the /etc/snort directory:
cp ./etc/* /etc/snort/
2-Edit /etc/snort/snort.conf and make the following changes:
var ...
0
votes
1
answer
951
views
Snort/Barnyard2 Won't compile on Raspberry Pi with Ubuntu
I've been following this guide to install Snort and Barnyard. When I try to configure Barnyard I get this error.
/usr/local/include/dnet.h:22:23: fatal error: dnet/sctp.h: No such file or directory
...
0
votes
1
answer
397
views
Snort won't trigger alert from tap interface eth0
I have Snort set up on a Raspberry Pi running a modified Ubuntu. Between my modem and router I have a switch that mirrors all the traffic to a port that is connected to the eth0 interface on my ...
0
votes
1
answer
617
views
Compiling Snort for OpenWRT
I'm trying to install Snort on an OpenWRT VM. I followed the instructions on the Snort homepage and it looks like it requires the make tool for compiling the code:
./configure --enable-sourcefire; ...
3
votes
2
answers
7k
views
Home Network Setup to Monitor Traffic via Snort
I have a decent background in Linux, however, I severely misunderstand networking fundamentals. I am trying to set up a home environment where my VirtualBox RedHat box monitors all the traffic on my ...
1
vote
1
answer
2k
views
Snort installed on Ubuntu not sending alerts to syslog
I have a Magento website setup on a Linux machine that is based on a Bitnami ready-made image.
The main goal is to be notified by email whenever there might be a potential attack on the site.
My ...
1
vote
1
answer
1k
views
OpenWrt using iptables with TEE seems broken
I've been trying to set up port mirroring on OpenWrt version 14.07 following this guide:
However, the command:
$iptables -t mangle -A POSTROUTING -o br-lan ! -s 192.168.0.0/16 -j TEE --gateway 192....
1
vote
1
answer
286
views
Are these Snort rules redundant?
I was looking through the community.rules made available on the Snort web page, and noticed these two rules:
Rule @ line 2643: alert udp $HOME_NET any -> any 53 (msg:"BLACKLIST DNS request for ...
0
votes
1
answer
750
views
Snort Failing to start on Ubuntu 9.04
EDIT: Hey! To anyone stumbling across this question who followed this guide: https://help.ubuntu.com/community/SnortIDS
It's too old and WILL NOT work! Find a different one!
I'm trying to get Snort ...
0
votes
1
answer
238
views
How to get details - like remote IP - about alert generated by Suricata after scanning pcap file
I wanted to test the security of my Android phone so I left it for one day running tcpdump in the background.
Then I sent the resulting pcap to virustotal.com. They are scanning the pcap file using Snort and ...
3
votes
1
answer
364
views
Retaining origin when using Snort with a loadbalancer? Or why it's a bad idea?
Initially I deployed HAProxy so that it would be possible to notice bad traffic going into my web server (rather than it being obscured by TLS), but now I noticed the rather obvious problem that once ...
0
votes
1
answer
456
views
Snorby with PostgreSQL installation issue in Mac OS X 10.10.2 (Yosemite)
Trying to setup Snorby for Snort with PostgreSQL on Mac OS X 10.10.2 (Yosemite)
Snort 2.9.7.2 GRE (Build 177)
PostgreSQL 9.4.1
ruby 1.9.3p551 (2014-11-13 revision 48407) [x86_64-darwin14.1.0]
Here ...
-2
votes
2
answers
25k
views
OSX: Snort: ERROR: /etc/snort/../rules/local.rules(0) Unable to open rules file "/etc/snort/../rules/local.rules": No such file or directory
I'm trying to setup and run Snort IDS on mac using this kinda tutorial:
https://discussions.apple.com/thread/3370709?start=0&tstart=0
OSX Yosemite (10.10.2);
PostgreSQL 9.4.1 (installed with ...
0
votes
1
answer
6k
views
OSX: Postgresql port 5432 is closed. How to open?
Mac OS X Yosemite (10.10.2)
Postgresql 9.4.1 (installed with Homebrew)
Snort 2.9.7.0 (installed with Homebrew)
I can't connect to psql - port 5432 seems to be closed:
$ psql postgres
psql: could ...
0
votes
0
answers
336
views
Snort IDS Network Topology
I have a network at work, running a domain controller for several workstations and a NAS. All this is behind a Fortigate 100D which has some IPS functionality and is a solid firewall. But I want to ...
1
vote
1
answer
389
views
SNORT -Unknown command line checksum option: ascii
snort -vde -l /var/log/snort -k ascii
When I tried this command it gave me the error
Unknown command line checksum option: ascii.
I don't know why, because I have installed Snort successfully, and also ...
0
votes
1
answer
2k
views
Barnyard2 error on start
Been setting up a Snort box with barnyard2, ran into the error below. Can someone please help?
$Starting Snort Output Processor (barnyard2): ./barnyard2: 35: ./barnyard2: barnyard2: not found
/etc/...
0
votes
1
answer
689
views
barnyard2 dead but subsys locked - error
I installed Snort and Barnyard. When I start the snort service and barnyard service, initially they work. After a while the barnyard service gives an error.
Initially:
[root@- snort]# service barnyard2 ...
0
votes
1
answer
1k
views
How to start the Snort service with logging enabled?
I set up Snort on a CentOS server and added it as a service. When I use the service snortd start command, the log file is created but it is empty. If I use the snort -q -l /var/log/snort command, the log file created ...
0
votes
2
answers
18k
views
Error configuring Snort
I am setting up Snort on a Windows 8 machine and having trouble with it.
I am following the instructions mentioned here:
http://www.snort.org/assets/151/Installing_Snort_2.8.6.1_on_Windows_7.pdf
On ...
1
vote
1
answer
396
views
Snort 2.9.6 doesn't alert with VRT ruleset but with ETOpen
I have subscribed to Snort VRT and received the latest rule set (snortrules-snapshot-2956.tar.gz). I installed Snort from source using the (http://www.snort.org/assets/158/snortinstallguide293.pdf) guide ...
1
vote
2
answers
536
views
Monitoring network traffic via switch access
I'd like to experiment with monitoring my home network traffic and am wondering if a particular solution I have in mind will work. I have a pretty standard setup, Verizon FIOS coming in to my house and ...
1
vote
3
answers
3k
views
Snort error on FreeBSD-9: Unknown preprocessor "ftp_telnet"
I've installed "Snort" on FreeBSD-9.1 (32-bit) from the standard ports using:
pkg_add -r snort
After configuring and running with:
snort -c /etc/snort/snort.conf -A full -u snort -g snort -i em1 -T
...
4
votes
2
answers
578
views
wifi router is masking ip addresses
I have a rookie question regarding routing and wifi access points.
Background
I have a main switch (cisco catalyst 2950) that sits behind my router/firewall. On that switch I have an IDS (snort) ...
3
votes
2
answers
6k
views
Error While Running Snort
I have been trying to get Snort IDS to work, but I am having some difficulty. When I run snort -c /etc/snort/snort.conf -l /var/log/snort I keep getting this error.
Initializing rule chains...
Warning: ...