Snort mailing list archives

RE: BPF filters and Demarc


From: Gary Danko <GDanko () proflowers com>
Date: Mon, 28 Jul 2003 16:12:26 -0700

Okay I did some reading on the net and found a way to create the stuff to
put in the filter file and now my filter file looks like this:

[root@ids1 conf]$ more bpf-filters.conf
(000) ldh      [12]
(001) jeq      #0x800           jt 2    jf 6
(002) ld       [26]
(003) jeq      #0x409cc50c      jt 12   jf 4
(004) ld       [30]
(005) jeq      #0x409cc50c      jt 12   jf 13
(006) jeq      #0x806           jt 8    jf 7
(007) jeq      #0x8035          jt 8    jf 13
(008) ld       [28]
(009) jeq      #0x409cc50c      jt 12   jf 10
(010) ld       [38]
(011) jeq      #0x409cc50c      jt 12   jf 13
(012) ret      #0
(013) ret      #96

I am still receiving the same results when I try to start snort with the -F
switch.

-----Original Message-----
From: Gary Danko 
Sent: Monday, July 28, 2003 3:47 PM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] BPF filters and Demarc

Hi all. I want to start Snort with the -F switch when I use Demarc. In
Demarc's configuration file I have this entry for Snort options:

# Additional  Snort command-line options (default: "-o -q")
snort_options = "-o -de"

I changed it to something like this to try and load my bpf filter file:

# Additional  Snort command-line options (default: "-o -q")
snort_options = "-F /usr/local/demarc/conf/bpf-filters.conf -o -de"

Demarc is unable to start Snort when I include this file. Has anyone used
Demarc/Snort with a bpf filters file?


-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
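
Added example, not part of the original post or of Snort or Demarc: a minimal interpreter for the listing quoted in the message above, run over constructed frames to show which packets that program accepts and which it drops. The function names, the frame builder and the 192.0.2.x test addresses are assumptions made for illustration.

```python
import re
import socket

LISTING = """
(000) ldh      [12]
(001) jeq      #0x800           jt 2    jf 6
(002) ld       [26]
(003) jeq      #0x409cc50c      jt 12   jf 4
(004) ld       [30]
(005) jeq      #0x409cc50c      jt 12   jf 13
(006) jeq      #0x806           jt 8    jf 7
(007) jeq      #0x8035          jt 8    jf 13
(008) ld       [28]
(009) jeq      #0x409cc50c      jt 12   jf 10
(010) ld       [38]
(011) jeq      #0x409cc50c      jt 12   jf 13
(012) ret      #0
(013) ret      #96
"""  # copied verbatim from the post (the format tcpdump -d prints)
LINE = re.compile(r"\(\d+\)\s+(\w+)\s+[\[#](\w+)\]?(?:\s+jt (\d+)\s+jf (\d+))?")

def parse(listing):
    """Return [(op, value, jt, jf)]; jt/jf are absolute instruction indexes."""
    rows = [LINE.match(l).groups() for l in listing.split("\n") if l.strip()]
    return [(op, int(v, 0), int(jt or 0), int(jf or 0)) for op, v, jt, jf in rows]

def run(prog, pkt):
    """Execute the filter; return bytes to capture (0 means the packet is dropped)."""
    acc = pc = 0
    while True:
        op, val, jt, jf = prog[pc]
        if op == "ret":
            return val
        if op == "jeq":
            pc = jt if acc == val else jf
            continue
        size = {"ldh": 2, "ld": 4}[op]      # only the opcodes this listing uses
        if val + size > len(pkt):
            return 0                        # out-of-range load rejects the packet
        acc = int.from_bytes(pkt[val:val + size], "big")
        pc += 1

def ipv4_frame(src, dst):
    """Constructed Ethernet+IPv4 frame: source at offset 26, destination at 30."""
    eth = bytes(12) + b"\x08\x00"
    return eth + bytes(12) + socket.inet_aton(src) + socket.inet_aton(dst) + bytes(20)

PROG = parse(LISTING)
HOST = socket.inet_ntoa((0x409CC50C).to_bytes(4, "big"))  # address in the listing
```

The program drops anything to or from 64.156.197.12 and captures 96 bytes of everything else, which is what the expression `not host 64.156.197.12` compiles to. Snort's -F option, like tcpdump's, reads a file containing filter expression text.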



