Sounds like you don't have the correct version of Libpcap installed.
Snort requires an older version. I think .04.
I had the same problem on my RedHat 7.2 server. I had to download the
older version in order for snort to work.

>From: "Don Weber" <[EMAIL PROTECTED]>
>To: "Thomas Madhavan" <[EMAIL PROTECTED]>,
>       "Leon Ward" <[EMAIL PROTECTED]>
>Cc: <[EMAIL PROTECTED]>
>Subject: RE: Snort or Ethereal for a relative newbie?
>Date: Fri, 31 May 2002 15:46:07 -0700
>
>the snort "dropping" of packets, is meant in the sense that snort does no
>further inspecting of the packet, not literally drop it from the system, it's
>just allowed to continue on thru snort's little hallway without further
>interruption by any more rules or inspections
>
>-----Original Message-----
>From: Thomas Madhavan [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, May 29, 2002 1:13 PM
>To: Leon Ward
>Cc: [EMAIL PROTECTED]
>Subject: Re: Snort or Ethereal for a relative newbie?
>
>
>I thought Snort was capable of dropping packets based on the snort
>ruleset... am I wrong? Is that performed only by the firewall?
>
>I realise Ethereal is only for listening to what's happening.
>
>Does anyone have any in depth installation and config tutorials?
>Snort.org has a few, but nothing I can make good use of.
>
>I'll check out silicondefense... although I'm not on any MS product -
>Mandrake Linux 8.2
>
>Regards,
>Thomas Madhavan
>
>Leon Ward wrote:
>
>>It seems that you are thinking slightly along the wrong lines here,
>>Snort and Ethereal capture packets and do not block anything.
>>Snort has the capability to inspect packets against a set of rules and
>>report accordingly (alert on suspicious traffic).
>>Ethereal captures packets for the purpose of allowing a user to inspect what
>>is going on the "wire".
>>
>>As far as the snort compiling problems go, check that the directory that
>>libpcap installed its libraries into is listed in your /etc/ld.so.conf file.
>>
>>Try installing both libpcap and snort from source, you will get more
>>installation options.
>>
>>Nard
>>
>>
>>
>>-----Original Message-----
>>From: Thomas Madhavan [mailto:[EMAIL PROTECTED]]
>>Sent: 25 May 2002 15:29
>>To: [EMAIL PROTECTED]
>>Subject: Snort or Ethereal for a relative newbie?
>>
>>
>>Hi all. Responses have been good before so I thought I'd try again.
>>
>>I've recently set up a Mandrake 8.2 workstation. I've used firestarter to
>>build a firewall, and I want to use a packet sniffer.
>>
>>After installing Snort, it didn't work due to a data type 113 error. I
>>uninstalled it, then reinstalled from an RPM, but apparently I don't have
>>libpcap installed (which I do).
>>
>>So, I tried Ethereal and it works fine. However, can rulesets be applied to
>>Ethereal as they can with Snort? I want a little extra security, not just
>>logs of packets.
>>
>>If Ethereal *can* be used to block packets, is it a good substitute for
>>snort? Or would I benefit from using Snort instead? There also seem to be a
>>lot of snort reporting tools - are there any for Ethereal?
>>
>>Thanks a lot,
>>
>>Thomas Madhavan
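
Leon Ward's check from the thread above (that the directory libpcap installed its libraries into is listed in /etc/ld.so.conf), as an added example that is not part of the original messages. It goes slightly beyond the thread by following `include` lines and by treating /lib and /usr/lib as built-in linker paths; the function names and the root-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list directories that hold a libpcap
# shared library but that the dynamic linker will not search.
# The ROOT argument is hypothetical: the filesystem root to inspect (default /).

# Print every directory named in an ld.so.conf file, following "include" lines.
ldconf_dirs() {
    root=$1; conf=$2
    [ -f "$conf" ] || return 0
    while read -r word rest || [ -n "$word" ]; do
        case $word in
            ''|'#'*) ;;                       # blank line or comment
            include)                          # relative patterns resolve under /etc
                case $rest in /*) pat=$root$rest ;; *) pat=$root/etc/$rest ;; esac
                for f in $pat; do ldconf_dirs "$root" "$f"; done ;;
            *) printf '%s\n' "$word" ;;
        esac
    done < "$conf"
}

# Print each libpcap directory that is neither a built-in linker path
# (/lib, /usr/lib and their lib64 variants) nor listed in ld.so.conf.
unlisted_libpcap_dirs() {
    root=${1:-}; root=${root%/}
    listed=$(ldconf_dirs "$root" "$root/etc/ld.so.conf")
    find "$root/lib" "$root/usr" "$root/opt" -name 'libpcap.so*' 2>/dev/null |
    sed 's|/[^/]*$||' | sort -u |
    while IFS= read -r dir; do
        dir=${dir#"$root"}
        case $dir in /lib|/usr/lib|/lib64|/usr/lib64) continue ;; esac
        printf '%s\n' "$listed" | grep -qxF -- "$dir" || printf '%s\n' "$dir"
    done
}
# Usage: unlisted_libpcap_dirs /   (add any printed directory to
# /etc/ld.so.conf, then run ldconfig as root to rebuild the linker cache)
```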