RE: [Snort-users] snort and acid - Traffic Profile by Protocol doesnt update

09-11-2004
John Oost

Thanks for the reply. If that's the case then it doesn't work. The output
from snort -v doesn't match the traffic bars in Acid. It seems it just
doesn't update the traffic stats correctly. I already tried disabling the
caching of IE but that didn't work either. Any ideas?


>From: "Harper, Patrick" <patrick.harper@phns.com>
>To: "John Oost" <johnoost@hotmail.com>,<snort-users@lists.sourceforge.net>
>Subject: RE: [Snort-users] snort and acid - Traffic Profile by Protocol
>doesnt update correctly
>Date: Sat, 11 Sep 2004 05:26:39 -0500
>
>That is just the traffic that snort saw. If it matches any rule it gets
>put in the alert file and sent to whatever your output option is set
>for, in your case the mysql database. If you want to make sure you're
>getting alerts, scan it with one of the scanners I have listed at the
>bottom of that paper.
>
>
>-----Original Message-----
>From: John Oost [mailto:johnoost@hotmail.com]
>Sent: Saturday, September 11, 2004 2:31 AM
>To: snort-users@lists.sourceforge.net
>Subject: [Snort-users] snort and acid - Traffic Profile by Protocol
>doesnt update correctly
>
>Hi All,
>
>I just installed snort and acid for the first time and quickly read
>through the manuals. I installed snort and Acid on Redhat 9 using
>Patrick Harper's installation guide. Everything seems to work fine
>except for the "Traffic Profile by Protocol" display of acid. This
>display just doesn't seem to update every time. When I run snort -v and
>press ctrl-c after a while it tells me that 99% of the traffic was tcp.
>The display in Acid displays 79% udp and 3% tcp. Is this display
>supposed to show the traffic that snort has "sniffed" or the traffic
>that was identified as "bad"? If it's the first, is this a known error?
>
>Best regards,
>_______________________________________________
>Snort-users mailing list
>Snort-users@lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/...fo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.p...st=snort-users
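
Added example, not part of the original post and not ACID's or Snort's own code: it shows how a protocol breakdown computed from stored alerts can differ sharply from the breakdown of all sniffed packets that `snort -v` prints. It assumes the console's chart is derived from alert rows in the database and uses a cut-down `iphdr` table with an `ip_proto` column in an in-memory SQLite database; all counts are constructed to mirror the percentages quoted in the thread.

```python
import sqlite3

# IANA protocol numbers as stored in the IP header
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def percentages(counts):
    """Turn {name: count} into {name: percent}, rounded to one decimal."""
    total = sum(counts.values())
    if total == 0:
        return {}
    return {name: round(100.0 * n / total, 1) for name, n in counts.items()}


def alert_profile(conn):
    """Protocol breakdown of logged alerts only (one iphdr row per alert)."""
    rows = conn.execute(
        "SELECT ip_proto, COUNT(*) FROM iphdr GROUP BY ip_proto"
    ).fetchall()
    return percentages({PROTO_NAMES.get(p, str(p)): n for p, n in rows})


def sniffed_profile(packet_counts):
    """Protocol breakdown of every packet the sensor saw (snort -v style tally)."""
    return percentages(packet_counts)


def build_sample_db():
    """Constructed sample: 100 alerts, mostly triggered by UDP packets."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_proto INTEGER,"
        " PRIMARY KEY (sid, cid))"
    )
    alert_protos = [17] * 79 + [6] * 3 + [1] * 18  # constructed alert mix
    conn.executemany(
        "INSERT INTO iphdr VALUES (1, ?, ?)",
        list(enumerate(alert_protos, start=1)),
    )
    return conn


# Constructed packet tally: almost everything on the wire is TCP.
SAMPLE_SNIFFED = {"TCP": 9900, "UDP": 80, "ICMP": 20}

if __name__ == "__main__":
    print("all sniffed packets:", sniffed_profile(SAMPLE_SNIFFED))
    print("alerts in database: ", alert_profile(build_sample_db()))
```

Both breakdowns are correct for what they count: the first covers every packet, the second only packets that matched a rule and were logged.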