Device didn't translate

["Di Fresco Marco" <superdif () ciaoweb it>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,
I am a newbie and I just subsciribed to the list.

I don't know if this kind of problem has already been discussed; I
tried to look in both the archive and the documentation, but I didn't
found anything.

I am running snort 2.1.0 on WinXP Pro with all the patches installed;
I am using WinPcap 3.0. I have a cable connection.

In my snort.conf I configured the following:
var HOME_NET (\Device\NPF_{18..3C})
As suggested in FAQ #3.7 (even if in theory with the cable connection
the IP address should be static, in practice it changes every 4 days
or so). I have abbreviated the \Device... part for both personal
security and your readability, but in the snort.conf the full value
is the correspondent for what I get for my ethernet card using "snort
- -W".

For do some test, I tried to execute the following command:
D:\Snort\Bin\snort.exe -dev -l "D:\Snort\log" -h [MYIP]/32 -c
"D:\Snort\etc\snort.conf"
As sugested at the beginning of
http://www.snort.org/docs/snort_manual/node6.html; the above command
has some changes compared to the one in the page because I have
adapted to my situation; for security reason in the above command I
changed my real IP address with [MYIP].

The problem is that I get the following error message:
"ERROR: ERROR D:\Snort\rules/bad-traffic.rules(12): Rule IP addr
((\Device\NPF_{18..3C})) didn't translate"
As I said before, I have abbreviated the \Device... part for both
personal security and your readability.

I get the same error message for other kind of command (I can't
report them because I didn't took notes).

How I can solve the problem? I hope I gave enough informations; if
some info is missing, please ask.

Thank in advance.




Di Fresco Marco
http://home.comcast.net/~superdif/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQIVAwUBQAsUiWFI2e+I8s0+AQIZIw//aJSgHJCghBNYvl8XRfUThWDCV5l1yM8X
ndcCFmp1ML6yj5GnuGxRNQ34U9DLoBkBqBQNBMl1Uc88BP+VZVzlY7EE0goKqkWa
vFYpqZg1WRcxfbTORo6XIHy3Cv/WAs9TyknBevA8CmjARzz/uzoOq6DKQu30+4Mv
xPfR6uPtYI2wS+0RYKgceDDCqVP1X43IPXkYG8akKBN46yhq7ogUSYKpGbk6N/MQ
AU1kczjug0nDYdhzj2mNXJj6H9RvTMgt/Y1Mb5u+prPgdkUHVfecgUg+xUuM0Bvl
VJm9xCU9dZbGfkOzWnDXHKsN9bhitgOA8GBO4zV/d3YjQBlfxdaXQjlSuGQjmS1c
AmllTnmNSOJEAtnK1hYllSROt5UVV9lXl6AiEzCumq4/O+Y9KuTr8YENTW7vQ03L
tMCOaC9OVhTHdblnCgbWDrNsXU1zwWsowzf8u1DOzCSaMCNfUHOho2zKdEB9m/f8
dy/r5ijzLK2DIoguleKyU4AnjgBsfA3D0U6RywB1nRIsu/jgGWwmGPoZaRxm7yTj
CqhN5OOaC/RD1DAI4cCKpeX9vR/EKr7HzABE0/WGRgAf6b5UXUhTlVrCAy5lM5Ts
+kZTAj2GNzotJZN3eoAWo5qgM2AMr7G5YIpzLPI60OJ2kOJg5mjLlWqh03pWjzyI
2fTpPeYwis0=
=4zKN
-----END PGP SIGNATURE-----



-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users