snort problem1

最新推荐文章于 2022-02-24 22:05:36 发布

马灯

最新推荐文章于 2022-02-24 22:05:36 发布

阅读量1.1k

点赞数

分类专栏： snort

本文链接：https://blog.csdn.net/a1234567mdy/article/details/9197381

版权

snort 专栏收录该内容

4 篇文章 0 订阅

订阅专栏

[root@av ~]# service snortd rstart
Usage: /etc/init.d/snortd {start|stop|restart|status}
[root@av ~]# service snortd restart
Stopping snort:                                            [确定]
Starting snort:                                            [确定]
[root@av ~]# snort -v
Running in packet dump mode

        --== Initializing Snort ==--
Initializing Output Plugins!
***
*** interface device lookup found: eth0
***
Initializing Network Interface eth0
Decoding Ethernet on interface eth0

        --== Initialization Complete ==--

   ,,_     -*> Snort! <*-
o" )~   Version 2.8.5.1 (Build 114)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2009 Sourcefire, Inc., et al.
           Using PCRE version: 7.8 2008-09-05

Not Using PCAP_FRAMES
*** Caught Usr-Signal: 'Rotate Stats'
06/28-15:18:45.951599 172.16.15.130:17500 -> 255.255.255.255:17500
UDP TTL:128 TOS:0x0 ID:10617 IpLen:20 DgmLen:140
Len: 112
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

06/28-15:18:45.952249 172.16.15.130:17500 -> 172.16.15.255:17500
UDP TTL:128 TOS:0x0 ID:10618 IpLen:20 DgmLen:140
Len: 112
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

06/28-15:18:49.145181 ARP who-has 172.16.15.1 tell 172.16.15.1

06/28-15:18:54.653956 172.16.15.127:1900 -> 239.255.255.250:1900
UDP TTL:4 TOS:0x0 ID:15031 IpLen:20 DgmLen:161
Len: 133
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

06/28-15:18:54.654060 172.16.15.127:1900 -> 239.255.255.250:1900
UDP TTL:4 TOS:0x0 ID:15032 IpLen:20 DgmLen:160
Len: 132
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

06/28-15:18:54.654169 172.16.15.127:1900 -> 239.255.255.250:1900
UDP TTL:4 TOS:0x0 ID:15033 IpLen:20 DgmLen:165
Len: 137
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

06/28-15:18:54.654267 172.16.15.127:1900 -> 239.255.255.250:1900
UDP TTL:4 TOS:0x0 ID:15034 IpLen:20 DgmLen:129
Len: 101
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

06/28-15:18:54.654372 172.16.15.127:1900 -> 239.255.255.250:1900
UDP TTL:4 TOS:0x0 ID:15035 IpLen:20 DgmLen:129
Len: 101
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

06/28-15:18:54.934977 172.16.15.115:17500 -> 255.255.255.255:17500
UDP TTL:64 TOS:0x0 ID:45913 IpLen:20 DgmLen:140
Len: 112
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

06/28-15:18:54.937501 172.16.15.115:17500 -> 172.16.15.255:17500
UDP TTL:64 TOS:0x0 ID:45914 IpLen:20 DgmLen:140
Len: 112
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

^C*** Caught Int-Signal
Snort exiting
Run time prior to being shutdown was 24.890668 seconds
===============================================================================
Packet Wire Totals:
   Received:           24
   Analyzed:           23 (95.833%)
    Dropped:            0 (0.000%)
Outstanding:            1 (4.167%)
===============================================================================
Breakdown by protocol (includes rebuilt packets):
      ETH: 23         (100.000%)
ETHdisc: 0          (0.000%)
     VLAN: 0          (0.000%)
     IPV6: 0          (0.000%)
IP6 EXT: 0          (0.000%)
IP6opts: 0          (0.000%)
IP6disc: 0          (0.000%)
      IP4: 9          (39.130%)
IP4disc: 0          (0.000%)
    TCP 6: 0          (0.000%)
    UDP 6: 0          (0.000%)
    ICMP6: 0          (0.000%)
ICMP-IP: 0          (0.000%)
      TCP: 0          (0.000%)
      UDP: 9          (39.130%)
     ICMP: 0          (0.000%)
TCPdisc: 0          (0.000%)
UDPdisc: 0          (0.000%)
ICMPdis: 0          (0.000%)
     FRAG: 0          (0.000%)
   FRAG 6: 0          (0.000%)
      ARP: 1          (4.348%)
    EAPOL: 0          (0.000%)
ETHLOOP: 0          (0.000%)
      IPX: 0          (0.000%)
    OTHER: 13         (56.522%)
DISCARD: 0          (0.000%)
InvChkSum: 0          (0.000%)
   S5 G 1: 0          (0.000%)
   S5 G 2: 0          (0.000%)
    Total: 23
===============================================================================
Action Stats:
ALERTS: 0
LOGGED: 0
PASSED: 0
===============================================================================
[root@av ~]# snort -v /etc/snort/snort.conf -d -e -X -v -i 1
Running in packet dump mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Snort BPF option: /etc/snort/snort.conf
Initializing Network Interface 1
ERROR: OpenPcap() device 1 open: 1: No such device exists (SIOCGIFHWADDR: No such device)
Fatal Error, Quitting..
[root@av ~]# snort -v /etc/snort/snort.conf -d -e -X -v -i 2
Running in packet dump mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Snort BPF option: /etc/snort/snort.conf
Initializing Network Interface 2
ERROR: OpenPcap() device 2 open: 2: No such device exists (SIOCGIFHWADDR: No such device)
Fatal Error, Quitting..
[root@av ~]# snort -v /etc/snort/snort.conf -d -e -X -v -i eth0 -D
[root@av ~]# ps -ef |grep snort
root      2901     1 1 15:15 ?        00:00:04 gedit /etc/snort/snort.conf
snortd    2952     1 0 15:18 ?        00:00:00 /usr/sbin/snort -D -A fast -b -l /var/log/snort -d -u snortd -g snortd -i eth0 -c /etc/snort/snort.conf
root      2964 2906 0 15:20 pts/0    00:00:00 grep snort
[root@av ~]#