Snort mailing list archives

Re: what does this mean?


From: "Crook, Parker" <Parker_Crook () reyrey com>
Date: Thu, 20 Jan 2011 14:30:20 -0500

-----Original Message-----
From: waldo kitty [mailto:wkitty42 () windstream net]
Sent: Thursday, January 20, 2011 1:30 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] what does this mean?

i'm trying to assist someone in another forum with several problems... one of their reports is they are getting the following...

ERROR: Bpf compilation failed: syntax error.  PCAP filter: stop.

what does it mean? they report that they are using snort 2.8.6.0... would it be something in the snort.conf or possibly the threshold.conf file?

Most likely they have a problem with their Berkeley packet filter expression(s) in their bpf file, or they have too long of an expression they are trying to pass on the cli.

Can you get a copy of how they have their bpf setup?  Are they doing it on the cli (via something like 'not port 22 and not net 192.168.0.0/24')? Or feeding it in via -F?  What are the arguments they're using for the filter?

-Parker

