Snort mailing list archives
Re: Network Variables
From: waldo kitty <wkitty42 () windstream net>
Date: Thu, 02 May 2013 15:35:25 -0400
On 5/2/2013 15:24, Seth Dunn wrote:
> Yes, as James said, thanks for breaking it down. Very instructive.

you are welcome... sometimes we have to back up from the forest to see everything clearly and then we can take small bites out of its arse as needed :P

> I have configured my bpf file as you suggested:
> not (net (10.10.0.0/24 or 10.30.0.0/24) and host 10.75.45.1 and port 80)
> Snort starts and is running, so I will watch it and see how things go.

good deal... and since you figured out the EoL problem was the culprit, i suggest you place some comment lines explaining what that object mask does for you just in case you have to add others and/or someone else needs to maintain the setup ;)

> Since this is in a file, I don't have to do quotes there, only if I run it from the command line. The problem with the bpf file was what Shane suggested earlier, how the text editor was handling the end of line character. Snort (I am guessing the bpf engine it uses) does not like the Windows style characters...it is only configured for *nix style editors. Maybe something they want to address in future releases....because it is an odd problem and one I didn't immediately think of (obviously)....especially since the snort.conf file is read fine.

as i wrote to you in private, good catch on that... now we can only hope that the maintainers handle that problem so that it doesn't rear its head and bite someone else :)

> Thanks again to all for the help and information on this....it has been very enlightening.

i'm glad it has helped and i hope that others gain some insight, too :)

--
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless private contact is specifically requested and granted.
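
An added example, not part of the thread and not code from the Snort project: a pre-flight check for a BPF filter file that reports the Windows line endings discussed above (plus a byte-order mark or unbalanced parentheses) before the file is handed to Snort. The function names, the script name and the `--fix` switch are assumptions made for this sketch.

```python
import sys

UTF8_BOM = b"\xef\xbb\xbf"

# Constructed sample: the filter quoted in the thread, saved with a Windows line ending.
SAMPLE = (b"not (net (10.10.0.0/24 or 10.30.0.0/24) "
          b"and host 10.75.45.1 and port 80)\r\n")


def check_filter_bytes(data):
    """Return (problems, cleaned) for the raw bytes of a BPF filter file."""
    problems = []
    if data.startswith(UTF8_BOM):
        problems.append("UTF-8 byte-order mark at start of file")
        data = data[len(UTF8_BOM):]
    # Split on LF only, so a CR left behind by a Windows editor stays visible.
    for lineno, line in enumerate(data.split(b"\n"), start=1):
        if line.endswith(b"\r"):
            problems.append("line %d: CRLF (Windows) line ending" % lineno)
        elif b"\r" in line:
            problems.append("line %d: bare CR inside the line" % lineno)
    cleaned = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    # A dropped parenthesis is the other easy mistake in a nested filter.
    depth = 0
    for byte in cleaned:
        if byte == ord("("):
            depth += 1
        elif byte == ord(")"):
            depth -= 1
            if depth < 0:
                break
    if depth != 0:
        problems.append("unbalanced parentheses in filter")
    return problems, cleaned


def main(argv):
    # Usage (hypothetical script name): python check_bpf.py FILTER_FILE [--fix]
    with open(argv[1], "rb") as handle:
        problems, cleaned = check_filter_bytes(handle.read())
    for problem in problems:
        print(problem)
    if problems and "--fix" in argv[2:]:
        with open(argv[1], "wb") as handle:
            handle.write(cleaned)
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The exit status is non-zero when anything is reported, so the check can gate a Snort start-up script.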