help with snort
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: help with snort

  1. #1
    Senior Member
    Join Date
    Dec 2002
    Posts
    134

    help with snort

    i just got myself a copy of snort 2.0.1 with winpcap 3 and IDScenter 1.1 RC4.
    i have never used snort before, i have gone through the program and setup everything that i can see but yet when i try to run snort the console windows comes up with

    ERROR: No netmask specified for home network!
    Fatal Error, Quitting..

    I`ve looked through all the settings and i can not find anything that would account for this error.
    I`m running WinNT4 SP6a in case it makes a diffence?

    I`d be gratefull for any assistance with this cause i am completely lost!

    mark

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Could you put up the section of your snort config file that covers the variables such as $HOME_NET etc? It shoulds like one of them is missing a value.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member
    Join Date
    Dec 2002
    Posts
    134
    i hope this is what you meant.


    ###################################################
    # Step #1: Set the network variables:
    # You must change the following variables to reflect
    # your local network. The variable is currently
    # setup for an RFC 1918 address space.
    ###################################################
    var EXTERNAL_NET 82.33.40.181
    var HOME_NET 192.168.1.1
    var DNS_SERVERS $HOME_NET
    var SMTP_SERVERS $HOME_NET
    var HTTP_SERVERS $HOME_NET
    var SQL_SERVERS $HOME_NET
    var TELNET_SERVERS $HOME_NET
    var HTTP_PORTS 80
    var SHELLCODE_PORTS !80
    var ORACLE_PORTS 1521
    var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]
    var RULE_PATH ../rules



    I`ve used IDScenter to set it up, i dunno if that will afect it?
    mark

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    var EXTERNAL_NET 82.33.40.181
    var HOME_NET 192.168.1.1

    should be

    var EXTERNAL_NET 82.33.40.181/8 (assuming the netmask is 255.0.0.0)
    var HOME_NET 192.168.1.1/24 (assuming the netmask is 255.255.255.0)

    And do you just want traffic on your internal network from one machine (i.e., 192.168.1.1) or the network (e.g., 192.168.1.0)
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    Senior Member
    Join Date
    Dec 2002
    Posts
    134
    i have just tried changing it to that but still no luck i`m afraid. it still comes up with the same error.
    Perhaps if i give a bit more detail it might help.
    The computer with snort on has one network card which is connected to a broadband modem, my internet ip address is 82.33.40.181, the second network card then connects to my private network, the private network ip address for that computer is 192.168.1.1 then the other computers connected go on from that, 192.168.1.2, etc...
    i want to monitor all the connections coming in off of the internet.
    hope that helps.
    mark

  6. #6
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Then this should be var HOME_NET 192.168.1.0/24
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  7. #7
    Senior Member
    Join Date
    Dec 2002
    Posts
    134
    cheers but still no luck i`m afraid. changed it to what you said but still got the exact same message.
    mark

  8. #8
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Hrmmm...

    You don't have two snort.conf files by any chance?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  9. #9
    Senior Member
    Join Date
    Dec 2002
    Posts
    134
    thanks for the help, i`ve managed to get it past that error,i think it was because IDScenter was not issueing the command properly.
    it was issuing

    C:\Snort\bin\snort.exe -c "C:\Snort\etc\snort.conf" -l "C:\snortlog" -h 192.168.1.1


    so i changed it and put this into the command line

    C:\Snort\bin\snort.exe -c "C:\Snort\etc\snort.conf" -l "C:\snortlog" -h 192.168.1.0/24


    it seemed to work but then i get this diffrent error

    ERROR: Unable to open rules file: classification.config or ./classification.config
    Fatal Error, Quitting..


    i`ve checked and the file is their and seems to be ok???

    i`m hoping that you may have a reason for this error as well.
    mark

  10. #10
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Usually means the config file can't find the rules. For that portion (at the bottom of the config file IIRC) I usually put in the absolute path to the rules location. e.g., include /path/to/rules/sql.rules
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •