Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IP Range Problems

From: Brian <bmc () snort org>
Date: Tue, 8 Jul 2003 16:03:44 -0400
On Tue, Jul 08, 2003 at 11:58:11AM -0600, Nelson, Ben wrote:

i want snort to look at the ip range of 10.5.0.1 - 10.5.4.254 but i cant
figure out how to input this into the ip list.  how do i put that into
the var HOME_NET list?  thanks for any help


var HOME_NET [10.5.0.0/22,10.5.4.0/24]


technically, thats not correct.  You would also look at 10.5.0.0 and 
10.5.4.255 which don't fit in the range specified.  For the most part,
that will work, but if you want to be exact, you need:

var HOME_NET 
[10.5.0.1/32,10.5.0.2/31,10.5.0.4/30,10.5.0.8/29,10.5.0.16/28,10.5.0.32/27,10.5.0.64/26,10.5.0.128/25,10.5.1.0/24,10.5.2.0/23,10.5.4.0/25,10.5.4.128/26,10.5.4.192/27,10.5.4.224/28,10.5.4.240/29,10.5.4.248/30,10.5.4.252/31,10.5.4.254/32]

aggregate is your friend.  (echo 10.5.0.1 - 10.5.4.254 | aggregate -i range)

-brian


-------------------------------------------------------
This SF.Net email sponsored by: Parasoft
Error proof Web apps, automate testing & more.
Download & eval WebKing and get a free book.
www.parasoft.com/bulletproofapps
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: