
snort-2.9.2.2_pfring-5.3.0

snort:~ # cat /proc/version
Linux version 3.0.13-0.27-default (geeko@buildhost) (gcc version 4.3.4 [gcc-4_3-branch revision 152973] (SUSE Linux) ) #1 SMP Wed Feb 15 13:33:49 UTC 2012 (d73692b)
 
snort:~ # cat /etc/SuSE-brand ; cat /etc/SuSE-release
SLES
VERSION = 11
CO-BRANDS = SLE openSUSE
SUSE Linux Enterprise Server 11 (x86_64)
VERSION = 11
PATCHLEVEL = 2
 
snort:~ # groupadd snort && useradd -c "Oinc\!" -d /opt/snort -g snort -m snort
snort:~ # yast
 
    [ Software | Software Management ]
 
    autoconf
    automake
    gcc
     gcc43
    gcc-c++
     gcc43-c++
     glibc-devel
     libstdc++43-devel
     linux-kernel-headers
    bison
    flex
    libgnutls-extra-devel
     libgnutls-extra26
     libgnutls-devel
     libgcrypt-devel
     libgpg-error-devel
     libopencdk-devel
     libopencdk10
     zlib-devel
    [ subversion ]
 
snort:~ # sudo su - snort
snort@snort:~> mkdir lib src
snort@snort:~> ln -s lib lib64
snort@snort:~> ln -s bin sbin
 
snort@snort:~> cd src/
snort@snort:~/src> cp /somewhere/over/the/rainbow/* .
    (Before unpacking, check each tarball against the checksum or GPG signature published by its project; everything below is compiled and installed from these archives, and the PF_RING kernel module among them is later loaded by root.)
snort@snort:~/src> ll
insgesamt 27504
-rw-r--r-- 1 snort snort   451581  3. Mai 16:01 daq-0.6.2.tar.gz
-rw-r--r-- 1 snort snort   970125  3. Mai 16:01 libdnet-1.12.tgz
-rw-r--r-- 1 snort snort   581984  3. Mai 16:01 libpcap-1.1.1.tar.gz
-rw-r--r-- 1 snort snort  2442411  3. Mai 16:01 libprelude-0.9.21.tar.gz
-rw-r--r-- 1 snort snort  1635262  3. Mai 16:01 pcre-8.30.tar.gz
-rw-r--r-- 1 snort snort 14915945  3. Mai 16:01 PF_RING-5.3.0.tar.gz
-rw-r--r-- 1 snort snort  6529966  3. Mai 16:01 snort-2.9.2.2.tar.gz
-rw-r--r-- 1 snort snort   557220  3. Mai 16:01 zlib-1.2.6.tar.gz
 
snort@snort:~/src> tar zxf daq-0.6.2.tar.gz
snort@snort:~/src> tar zxf libdnet-1.12.tgz
snort@snort:~/src> tar zxf libpcap-1.1.1.tar.gz
snort@snort:~/src> tar zxf libprelude-0.9.21.tar.gz
snort@snort:~/src> tar zxf pcre-8.30.tar.gz
snort@snort:~/src> tar zxf PF_RING-5.3.0.tar.gz
snort@snort:~/src> tar zxf snort-2.9.2.2.tar.gz
snort@snort:~/src> tar zxf zlib-1.2.6.tar.gz
 
snort@snort:~/src> cd libpcap-1.1.1
snort@snort:~/src/libpcap-1.1.1> ./configure --prefix=/opt/snort --enable-shared
snort@snort:~/src/libpcap-1.1.1> make
snort@snort:~/src/libpcap-1.1.1> make install && make install-shared
 
snort@snort:~/src> cd PF_RING-5.3.0/kernel/
snort@snort:~/src/PF_RING-5.3.0/kernel> make clean && make
snort@snort:~/src/PF_RING-5.3.0/kernel> sudo su
root's password:
snort:/opt/snort/src/PF_RING-5.3.0/kernel # make install
snort:/opt/snort/src/PF_RING-5.3.0/kernel # insmod pf_ring.ko enable_tx_capture=0
    (Note: the module loaded here was built by, and sits in a tree owned by, the unprivileged snort user; whoever can write to that home directory controls what root loads into the kernel at this step. insmod is also not persistent — the module has to be loaded again after a reboot.)
snort:/opt/snort/src/PF_RING-5.3.0/kernel # exit
snort@snort:~/src/PF_RING-5.3.0/kernel> cd ../userland/lib/
snort@snort:~/src/PF_RING-5.3.0/userland/lib> ./configure --prefix=/opt/snort
snort@snort:~/src/PF_RING-5.3.0/userland/lib> make && make install
     
snort@snort:~/src> cd libdnet-1.12
snort@snort:~/src/libdnet-1.12> ./configure --prefix=/opt/snort
snort@snort:~/src/libdnet-1.12> make && make install
 
snort@snort:~/src> cd zlib-1.2.6
snort@snort:~/src/zlib-1.2.6> ./configure --prefix=/opt/snort
snort@snort:~/src/zlib-1.2.6> make && make install
 
snort@snort:~/src> cd pcre-8.30/
snort@snort:~/src/pcre-8.30/> ./configure --prefix=/opt/snort
snort@snort:~/src/pcre-8.30/> make && make install
 
snort@snort:~/src> cd libprelude-0.9.21/
snort@snort:~/src/libprelude-0.9.21> ./configure --prefix=/opt/snort --enable-static
snort@snort:~/src/libprelude-0.9.21> make && make install
 
snort@snort:~/src> cd daq-0.6.2
snort@snort:~/src/daq-0.6.2> LD_LIBRARY_PATH='/opt/snort:/opt/snort/lib' ./configure --prefix=/opt/snort \
    --with-libpcap-includes=/opt/snort/include --with-libpcap-libraries=/opt/snort/lib \
    --with-dnet-includes=/opt/snort/include --with-dnet-libraries=/opt/snort/lib
snort@snort:~/src/daq-0.6.2> make && make install
 
snort@snort:~/src> cd snort-2.9.2.2
snort@snort:~/src/snort-2.9.2.2> LD_LIBRARY_PATH='/opt/snort:/opt/snort/lib' ./configure --prefix=/opt/snort \
    --with-libpcap-includes=/opt/snort/include --with-libpcap-libraries=/opt/snort/lib \
    --with-libpcre-includes=/opt/snort/include --with-libpcre-libraries=/opt/snort/lib \
    --with-dnet-includes=/opt/snort/include --with-dnet-libraries=/opt/snort/lib \
    --with-daq-includes=/opt/snort/include --with-daq-libraries=/opt/snort/lib \
    --with-libpfring-includes=/opt/snort/include --with-libpfring-libraries=/opt/snort/lib \
    --with-libprelude-prefix=/opt/snort --enable-sourcefire
snort@snort:~/src/snort-2.9.2.2> make && make install
 
snort@snort:~/src/PF_RING-5.3.0/userland/lib> cd ../libpcap-1.1.1-ring/
snort@snort:~/src/PF_RING-5.3.0/userland/libpcap-1.1.1-ring> ./configure --prefix=/opt/snort
snort@snort:~/src/PF_RING-5.3.0/userland/libpcap-1.1.1-ring> make
snort@snort:~/src/PF_RING-5.3.0/userland/libpcap-1.1.1-ring> make install && make install-shared
snort@snort:~/src/PF_RING-5.3.0/userland/libpcap-1.1.1-ring> cd ../snort/pfring-daq-module/
snort@snort:~/src/PF_RING-5.3.0/userland/snort/pfring-daq-module> autoreconf -ivf
snort@snort:~/src/PF_RING-5.3.0/userland/snort/pfring-daq-module> ./configure --prefix=/opt/snort \
    --with-libpfring-includes=/opt/snort/include --with-libpfring-libraries=/opt/snort/lib
snort@snort:~/src/PF_RING-5.3.0/userland/snort/pfring-daq-module> make && make install
 
snort@snort:~> logout
    (Smoke test only: this runs Snort as root with no configuration. For anything beyond a quick check, start it with `-u snort -g snort` so it drops to the unprivileged account created above after opening the interface, and pass a config with `-c`. Note also that the output below reports the pcap DAQ, so the PF_RING build is not being exercised here; select it with `--daq pfring` (and `--daq-dir` pointing at the directory the pfring-daq-module was installed to under /opt/snort) to verify that part of the build.)
snort:~ # /opt/snort/bin/snort -i eth3
Running in packet dump mode
 
        --== Initializing Snort ==--
Initializing Output Plugins!
pcap DAQ configured to passive.
The DAQ version does not support reload.
Acquiring network traffic from "eth3".
Decoding Ethernet
 
        --== Initialization Complete ==--
 
   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.2.2 IPv6 GRE (Build 121) x86_64
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2012 Sourcefire, Inc., et al.
           Using libpcap version 1.1.1
           Using PCRE version: 8.30 2012-02-04
           Using ZLIB version: 1.2.6
 
Commencing packet processing (pid=30237)
05/03-16:38:50.431407 192.168.56.1:16470 -> 192.168.56.104:22
TCP TTL:128 TOS:0x0 ID:3126 IpLen:20 DgmLen:40 DF
***A**** Seq: 0xBA7F5440  Ack: 0x9EEAF193  Win: 0xF824  TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
 
05/03-16:38:50.631944 192.168.56.1:16470 -> 192.168.56.104:22
TCP TTL:128 TOS:0x0 ID:3127 IpLen:20 DgmLen:40 DF
***A**** Seq: 0xBA7F5440  Ack: 0x9EEAF2C7  Win: 0xF6F0  TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
 
05/03-16:38:50.831972 192.168.56.1:16470 -> 192.168.56.104:22
TCP TTL:128 TOS:0x0 ID:3128 IpLen:20 DgmLen:40 DF
***A**** Seq: 0xBA7F5440  Ack: 0x9EEAF3FB  Win: 0xF5BC  TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
 
05/03-16:38:51.032663 192.168.56.1:16470 -> 192.168.56.104:22
TCP TTL:128 TOS:0x0 ID:3129 IpLen:20 DgmLen:40 DF
***A**** Seq: 0xBA7F5440  Ack: 0x9EEAF52F  Win: 0xFAF0  TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
 
    ^C*** Caught Int-Signal
 
05/03-16:38:53.340362 192.168.56.1:16470 -> 192.168.56.104:22
TCP TTL:128 TOS:0x0 ID:3142 IpLen:20 DgmLen:40 DF
***A**** Seq: 0xBA7F5474  Ack: 0x9EEB0507  Win: 0xF720  TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
 
===============================================================================
Run time for packet processing was 3.105112 seconds
Snort processed 18 packets.
Snort ran for 0 days 0 hours 0 minutes 3 seconds
   Pkts/sec:            6
===============================================================================
Packet I/O Totals:
   Received:           18
   Analyzed:           18 (100.000%)
    Dropped:            0 (  0.000%)
   Filtered:            0 (  0.000%)
Outstanding:            0 (  0.000%)
   Injected:            0
===============================================================================
Breakdown by protocol (includes rebuilt packets):
        Eth:           18 (100.000%)
       VLAN:            0 (  0.000%)
        IP4:           17 ( 94.444%)
       Frag:            0 (  0.000%)
       ICMP:            0 (  0.000%)
        UDP:            0 (  0.000%)
        TCP:           17 ( 94.444%)
        IP6:            0 (  0.000%)
    IP6 Ext:            0 (  0.000%)
   IP6 Opts:            0 (  0.000%)
      Frag6:            0 (  0.000%)
      ICMP6:            0 (  0.000%)
       UDP6:            0 (  0.000%)
       TCP6:            0 (  0.000%)
     Teredo:            0 (  0.000%)
    ICMP-IP:            0 (  0.000%)
      EAPOL:            0 (  0.000%)
    IP4/IP4:            0 (  0.000%)
    IP4/IP6:            0 (  0.000%)
    IP6/IP4:            0 (  0.000%)
    IP6/IP6:            0 (  0.000%)
        GRE:            0 (  0.000%)
    GRE Eth:            0 (  0.000%)
   GRE VLAN:            0 (  0.000%)
    GRE IP4:            0 (  0.000%)
    GRE IP6:            0 (  0.000%)
GRE IP6 Ext:            0 (  0.000%)
   GRE PPTP:            0 (  0.000%)
    GRE ARP:            0 (  0.000%)
    GRE IPX:            0 (  0.000%)
   GRE Loop:            0 (  0.000%)
       MPLS:            0 (  0.000%)
        ARP:            1 (  5.556%)
        IPX:            0 (  0.000%)
   Eth Loop:            0 (  0.000%)
   Eth Disc:            0 (  0.000%)
   IP4 Disc:            0 (  0.000%)
   IP6 Disc:            0 (  0.000%)
   TCP Disc:            0 (  0.000%)
   UDP Disc:            0 (  0.000%)
  ICMP Disc:            0 (  0.000%)
All Discard:            0 (  0.000%)
      Other:            0 (  0.000%)
Bad Chk Sum:            0 (  0.000%)
    Bad TTL:            0 (  0.000%)
     S5 G 1:            0 (  0.000%)
     S5 G 2:            0 (  0.000%)
      Total:           18
===============================================================================
Snort exiting
 
