Snort mailing list archives

Snort Version 2.9.4-WIN32 GRE (Build 40) on Windows 7 fails with the Error: Failed to parse the IP address:

From: "HORNER, LARRY J" <lh248x () att com>
Date: Wed, 27 Feb 2013 22:21:56 +0000

Snort Version 2.9.4-WIN32 GRE (Build 40) on Windows 7 fails with the Error: Failed to parse the IP address:

ERROR: ..\etc\snort.conf(0) Failed to parse the IP address: 132.64.0.0/204.78.32


Sample of the command line running from an Administrator cmd shell.

C:\Snort\bin>snort -d -l C:\Snort\log -c C:\Snort\etc\snort.conf -i 1 -T
Running in Test mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "C:\Snort\etc\snort.conf"
ERROR: C:\Snort\etc\snort.conf(0) Failed to parse the IP address: 4.161.0.0/76.1
73.36.0.
Fatal Error, Quitting..


The interfaces available are:
C:\Snort\bin>snort -W 

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.4-WIN32 GRE (Build 40)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-t
eam
           Copyright (C) 1998-2012 Sourcefire, Inc., et al.
           Using PCRE version: 8.10 2010-06-25
           Using ZLIB version: 1.2.3

Index   Physical Address        IP Address      Device Name     Description
-----   ----------------        ----------      -----------     -----------
    1   A0:B3:CC:C6:91:DB       0000:0000:fe80:0000:0000:0000:a2b3:ccff \Device\
NPF_{0AD1CAB2-C383-4E01-BEE7-FB58FF53D81C}      Intel(R) 82579LM Gigabit Network
 Connection
    2   00:05:9A:3C:78:00       0000:0000:fe80:0000:0000:0000:0205:9aff \Device\
NPF_{5C39B775-CBA4-4881-95C6-4BF605635568}      Cisco Systems VPN Adapter
    3   00:00:00:00:00:00       0000:0000:fe80:0000:0000:0000:02ff:70ff \Device\
NPF_{702D99BE-33C6-4C11-AB1D-04EE97199B01}      VPN-Win32 Adapter V8
    4   00:00:00:00:00:00       0000:0000:fe80:0000:0000:0000:2677:03ff \Device\
NPF_{ABA78611-3142-4AB6-9AFF-B2401532E988}      Microsoft
    5   00:00:00:00:00:00       0000:0000:fe80:0000:0000:0000:2677:03ff \Device\
NPF_{27859974-EC73-4007-B563-09F45BFA4E4F}      Microsoft


The contents of the C:\Snort\etc directory - with the Windows paths updated in the snort.conf file:
C:\Snort\bin>dir C:\Snort\etc
 Volume in drive C is SYSTEM
 Volume Serial Number is 3E1A-41A3

 Directory of C:\Snort\etc

02/26/2013  04:38 PM    <DIR>          .
02/26/2013  04:38 PM    <DIR>          ..
06/07/2011  06:33 PM             3,757 classification.config
09/20/2012  06:09 PM            30,490 gen-msg.map
01/06/2012  09:27 AM               687 reference.config
01/24/2013  11:35 AM         1,908,680 sid-msg.map
02/27/2013  03:07 PM            24,836 snort.conf
07/06/2009  06:39 PM             2,335 threshold.conf
07/13/2011  04:43 PM           160,606 unicode.map
               7 File(s)      2,131,391 bytes
               2 Dir(s)  43,121,950,720 bytes free


Testing with a -c option to a non-existing file: - interesting -
C:\Snort\bin>snort -d -l C:\Snort\log -c ..\etc\foo.conf -i 1 -T
Running in Test mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "..\etc\foo.conf"
ERROR: ..\etc\foo.conf(0) Failed to parse the IP address: 4.176.2.0/44.188.42.0.

Fatal Error, Quitting..

Testing with an indirect reference in place of a direct reference to the snort.conf file:
C:\Snort\bin>snort -d -l C:\Snort\log -c ..\etc\snort.conf -i 1 -T
Running in Test mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "..\etc\snort.conf"
ERROR: ..\etc\snort.conf(0) Failed to parse the IP address: 132.64.0.0/204.78.32
.0.
Fatal Error, Quitting..


Assistance would be appreciated.
Thanks in advance,

Larry


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Snort Version 2.9.4-WIN32 GRE (Build 40) on Windows 7 fails with the Error: Failed to parse the IP address: HORNER, LARRY J (Feb 27)
- Re: Snort Version 2.9.4-WIN32 GRE (Build 40) on Windows 7 fails with the Error: Failed to parse the IP address: waldo kitty (Feb 27)