-
September 9th, 2003, 04:05 PM
#1
Senior Member
help with snort
i just got myself a copy of snort 2.0.1 with winpcap 3 and IDScenter 1.1 RC4.
i have never used snort before, i have gone through the program and setup everything that i can see but yet when i try to run snort the console windows comes up with
ERROR: No netmask specified for home network!
Fatal Error, Quitting..
I`ve looked through all the settings and i can not find anything that would account for this error.
I`m running WinNT4 SP6a in case it makes a diffence?
I`d be gratefull for any assistance with this cause i am completely lost!
mark
-
September 9th, 2003, 04:06 PM
#2
Could you put up the section of your snort config file that covers the variables such as $HOME_NET etc? It shoulds like one of them is missing a value.
-
September 9th, 2003, 04:13 PM
#3
Senior Member
i hope this is what you meant.
###################################################
# Step #1: Set the network variables:
# You must change the following variables to reflect
# your local network. The variable is currently
# setup for an RFC 1918 address space.
###################################################
var EXTERNAL_NET 82.33.40.181
var HOME_NET 192.168.1.1
var DNS_SERVERS $HOME_NET
var SMTP_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var TELNET_SERVERS $HOME_NET
var HTTP_PORTS 80
var SHELLCODE_PORTS !80
var ORACLE_PORTS 1521
var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]
var RULE_PATH ../rules
I`ve used IDScenter to set it up, i dunno if that will afect it?
mark
-
September 9th, 2003, 04:24 PM
#4
var EXTERNAL_NET 82.33.40.181
var HOME_NET 192.168.1.1
should be
var EXTERNAL_NET 82.33.40.181/8 (assuming the netmask is 255.0.0.0)
var HOME_NET 192.168.1.1/24 (assuming the netmask is 255.255.255.0)
And do you just want traffic on your internal network from one machine (i.e., 192.168.1.1) or the network (e.g., 192.168.1.0)
-
September 9th, 2003, 04:34 PM
#5
Senior Member
i have just tried changing it to that but still no luck i`m afraid. it still comes up with the same error.
Perhaps if i give a bit more detail it might help.
The computer with snort on has one network card which is connected to a broadband modem, my internet ip address is 82.33.40.181, the second network card then connects to my private network, the private network ip address for that computer is 192.168.1.1 then the other computers connected go on from that, 192.168.1.2, etc...
i want to monitor all the connections coming in off of the internet.
hope that helps.
mark
-
September 9th, 2003, 04:48 PM
#6
Then this should be var HOME_NET 192.168.1.0/24
-
September 9th, 2003, 04:53 PM
#7
Senior Member
cheers but still no luck i`m afraid. changed it to what you said but still got the exact same message.
mark
-
September 9th, 2003, 05:05 PM
#8
Hrmmm...
You don't have two snort.conf files by any chance?
-
September 9th, 2003, 05:16 PM
#9
Senior Member
thanks for the help, i`ve managed to get it past that error,i think it was because IDScenter was not issueing the command properly.
it was issuing
C:\Snort\bin\snort.exe -c "C:\Snort\etc\snort.conf" -l "C:\snortlog" -h 192.168.1.1
so i changed it and put this into the command line
C:\Snort\bin\snort.exe -c "C:\Snort\etc\snort.conf" -l "C:\snortlog" -h 192.168.1.0/24
it seemed to work but then i get this diffrent error
ERROR: Unable to open rules file: classification.config or ./classification.config
Fatal Error, Quitting..
i`ve checked and the file is their and seems to be ok???
i`m hoping that you may have a reason for this error as well.
mark
-
September 9th, 2003, 05:21 PM
#10
Usually means the config file can't find the rules. For that portion (at the bottom of the config file IIRC) I usually put in the absolute path to the rules location. e.g., include /path/to/rules/sql.rules
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|