Snort mailing list archives

Re: BPF problem


From: James Lay <jlay () slave-tothe-box net>
Date: Fri, 11 Jul 2014 12:00:04 -0600

On 2014-07-11 11:55, Mike Patterson wrote:
On Jul 11, 2014, at 1:49 PM, waldo kitty <wkitty42 () windstream net> wrote:

On 7/11/2014 1:34 PM, Mike Patterson wrote:
Following up to myself: I’ve tried various permutations of my BPF filter to no avail. I tried Snort versions 2.9.5.3 (which is what’s on my old sensor), 2.9.6.0, and 2.9.6.1. Always, Snort says it’s reading my BPF filter, and always, it’s including alerts for IPs and networks that are in the filter.

My current filter is of the form:

not (net 1.2.3.4/8 or not net 10.0.0.0/24 or not 172.16.12.1)

this may not be related to your problem but i can't help seeing the double negatives in the above... are you wanting to include or exclude traffic to/from 10.0.0.0/24 and 172.16.12.1?

if you want to exclude traffic from them, perhaps you mean to use

not (net 1.2.3.4/8 or net 10.0.0.0/24 or 172.16.12.1)

That’s actually what I’m using, I just can’t transcribe properly.

Mike



------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

Give:

not (net 1.2.3.4/8 or net 10.0.0.0/16 or 172.16.12.1)

a go

James

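waldo kitty's point about the double negatives can be checked mechanically. The block below is an added example written for this archive page, not code from the thread, from Snort or from libpcap: a small evaluator for just the subset of BPF syntax the thread uses (not/and/or, parentheses, `net A/len`, `host A`, a bare address), run over a handful of constructed flows. It assumes BPF's precedence (`not` binds tightest, then `and`, then `or`) and that an undirected `net` or `host` primitive matches either endpoint. `1.0.0.0/8` stands in for the thread's `1.2.3.4/8` placeholder, because a prefix with host bits set is rejected (libpcap refuses it with "non-network bits set"; the example gets the same effect from `ipaddress` strict mode).

```python
"""Evaluate a small subset of BPF filter syntax against constructed flows.
Added example; not Snort or libpcap code."""
import ipaddress
import re

# keywords, parentheses, and dotted-quad / prefix tokens
_TOKEN = re.compile(r"\s*(\(|\)|not|and|or|net|host|[0-9./]+)")


def tokenize(text):
    """Split a filter string into keywords, parentheses and addresses."""
    text, pos, tokens = text.strip(), 0, []
    while pos < len(text):
        m = _TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unexpected input at {text[pos:]!r}")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens


class Parser:
    """Recursive-descent parser with BPF precedence: not > and > or."""

    def __init__(self, tokens):
        self.toks, self.i = tokens, 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self, expected=None):
        tok = self.peek()
        if tok is None:
            raise ValueError("unexpected end of filter")
        if expected is not None and tok != expected:
            raise ValueError(f"expected {expected!r}, got {tok!r}")
        self.i += 1
        return tok

    def parse(self):
        node = self.disj()
        if self.peek() is not None:
            raise ValueError(f"trailing token {self.peek()!r}")
        return node

    def disj(self):  # 'or' binds loosest
        node = self.conj()
        while self.peek() == "or":
            self.take()
            node = ("or", node, self.conj())
        return node

    def conj(self):  # 'and' binds tighter than 'or'
        node = self.unary()
        while self.peek() == "and":
            self.take()
            node = ("and", node, self.unary())
        return node

    def unary(self):  # 'not', a parenthesised group, or a primitive
        tok = self.peek()
        if tok == "not":
            self.take()
            return ("not", self.unary())
        if tok == "(":
            self.take()
            node = self.disj()
            self.take(")")
            return node
        if tok == "net":
            self.take()
            try:
                # strict=True rejects host bits in the prefix (e.g. 1.2.3.4/8),
                # mirroring libpcap's "non-network bits set" error
                return ("net", ipaddress.ip_network(self.take(), strict=True))
            except ValueError as err:
                raise ValueError(f"bad net primitive: {err}") from err
        if tok == "host":
            self.take()
        return ("host", ipaddress.ip_address(self.take()))  # bare address = host


def matches(node, src, dst):
    """True if the flow src->dst satisfies the parsed filter tree."""
    kind = node[0]
    if kind == "or":
        return matches(node[1], src, dst) or matches(node[2], src, dst)
    if kind == "and":
        return matches(node[1], src, dst) and matches(node[2], src, dst)
    if kind == "not":
        return not matches(node[1], src, dst)
    if kind == "net":  # undirected: either endpoint may be in the net
        return src in node[1] or dst in node[1]
    return src == node[1] or dst == node[1]


def compile_filter(text):
    """Return a predicate (src, dst) -> bool for the filter string."""
    tree = Parser(tokenize(text)).parse()
    return lambda s, d: matches(tree, ipaddress.ip_address(s), ipaddress.ip_address(d))


def filter_error(text):
    """The compile error message for a filter, or None if it is accepted."""
    try:
        compile_filter(text)
    except ValueError as err:
        return str(err)
    return None


# Constructed sample flows, not captured traffic.
SAMPLE_FLOWS = [
    ("10.0.0.7", "8.8.8.8"),      # inside 10.0.0.0/24: meant to be excluded
    ("172.16.12.1", "8.8.8.8"),   # the excluded host
    ("1.9.9.9", "8.8.8.8"),       # inside the /8
    ("192.168.5.5", "8.8.8.8"),   # touches none of the ranges: meant to be kept
    ("10.0.0.7", "172.16.12.1"),  # between two of the excluded ranges
]
DOUBLE_NEGATIVE = "not (net 1.0.0.0/8 or not net 10.0.0.0/24 or not 172.16.12.1)"
CORRECTED = "not (net 1.0.0.0/8 or net 10.0.0.0/24 or 172.16.12.1)"


def kept_flows(filter_text, flows=SAMPLE_FLOWS):
    """Flows that pass the filter, i.e. that Snort would still inspect."""
    keep = compile_filter(filter_text)
    return [flow for flow in flows if keep(*flow)]


if __name__ == "__main__":
    for label, text in (("double negative", DOUBLE_NEGATIVE), ("corrected", CORRECTED)):
        print(f"{label}: {text}\n  kept -> {kept_flows(text)}")
    print("host bits in net:", filter_error("net 1.2.3.4/8"))
```

By De Morgan, `not (A or not B or not C)` is `not A and B and C`, so the double-negative form keeps only flows that involve both 10.0.0.0/24 and 172.16.12.1 and drops everything else, while the corrected form keeps exactly the flows that touch none of the three. Outside this toy, `tcpdump -d 'filter'` prints the compiled BPF program and is a quick way to confirm that libpcap parsed a filter the way you intended before handing it to Snort.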
