RE: RE: Difficulty setting HOME_NET to my interface address

["L. Christopher Luther" <CLuther () Xybernaut com>]

Sorry... My bad.  What is it you say, Erek, "Take a penalty drink"?  ;) 

Anyway, I quickly glanced at the source code, specifically the
DefineIfaceVar() function in snort.c (I'm *guessing* that this where the
value for interface_ADDRESS is setup).  When I add two LogMessage() calls,
like:  

   snprintf(varbuf, BUFSIZ, "%s_ADDRESS", iname);
> LogMessage("\niname          = %s\n", iname);
> LogMessage("interface_ADDESS = %s\n", varbuf);

The output that now appears on my Snort console is:  
  
   Initializing Network Interface
\Device\Packet_{C4F961EB-4DD5-47F8-98E2-5FDE544E8621}
   
   iname            = \ 
   interface_ADDESS = \_ADDRESS 
   
           --== Initializing Snort ==--
   Decoding Ethernet on interface
\Device\Packet_{C4F961EB-4DD5-47F8-98E2-5FDE544E8621}

Hope this helps "someone" to figure out what's going on.  

- Christopher 


-----Original Message-----
From: Erek Adams [mailto:erek () snort org]
Sent: Friday, February 14, 2003 4:43 PM
To: L. Christopher Luther
Cc: 'Charles Darwin'; Snort-Users (E-mail); 'Paulo Santos Perneta'
Subject: Re: [Snort-users] RE: Difficulty setting HOME_NET to my
interface address


On Fri, 14 Feb 2003, L. Christopher Luther wrote:

> The HOME_NET variable in snort.conf does not except the value of the
> interface name; it is designed to use the IP network for which your
computer
> is a member.  For example:

[...snip...]

Actually, it _can_ take your interface name.

For example:

        var HOME_NET $eth0_ADDRESS

Check the FAQ for the answer [0].

Now since he's on a Win32 platform this may not be working as it should...
This will take some looking into.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

[0]     http://www.snort.org/docs/faq.html#3.5