Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort 1.8.7b6 not listen to BPF filters

From: Michael Scheidell <scheidell () secnap net>
Date: Fri, 19 Jul 2002 14:56:35 -0400 (EDT)
A couple of things here:

      1)  Update to 1.8.7 since it's been released and has many bugfixes
backported from 1.9 into it.

1.8.7 does same thing.



      2)  try it without using a "file".

              snort <options> 'not host foo'


/usr/local/bin/snort -doDI -m 022 -z \
-c /usr/local/etc/snort.conf -i rl0 -l /var/log/snort \
not src host 10.1.1.10


does not record tcp attacks.


      3)  compile with debug and set DEBUG_INIT and DEBUG_CONFIGURES, then
fire off with and without using the -F option.  See if there's anything odd
going on.


guess thats next.



Cause the wierd part is I don't have a problem with BPF's working.  Could it
be your pcap?  I'm using the 0.7.1.tar.gz from tcpdump.org.


Im using whatever library it finds on FBSD 4.5.
-- 
Michael Scheidell
SECNAP Network Security, LLC 
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Positions available see http://www.secnap.net/employment/


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: