Snort mailing list archives

FreeBSD 5.3 OpenPcap() FSM compilation failed:

From: "Lang Hoang" <Lang () 4thpass com>
Date: Wed, 29 Dec 2004 12:04:43 -0800

I am running FreeBSD 5.3 and port installation of snort 2.1.3
It seems to run OK with default startup script in
/usr/local/etc/rc.d/snort.sh
But when I try run with option -F bpf support it failed.
 
It runs OK with the following:
/usr/local/bin/snort -c /usr/local/etc/snort.conf -i em1
 
But when I try to add -F bpf support, it failed
/usr/local/bin/snort -c /usr/local/etc/snort.conf -i em1 -F
/usr/local/share/snort/filters.bpf
 
below is the error I got
 
wa05sp# /usr/local/bin/snort -c /usr/local/etc/snort.conf -i em1 -F
/usr/local/share/snort/filters.bpf
Running in IDS mode
Log directory = /var/log/snort
 
Initializing Network Interface em1
OpenPcap() device em1 network lookup:
        em1: no IPv4 address assigned
ERROR: OpenPcap() FSM compilation failed:
        syntax error
PCAP command: not dst host 224.0.0.13
not dst host 224.0.16.171
not dst host 237.168.2.151
 
Fatal Error, Quitting..
 
wa05sp# less /usr/local/share/snort/filters.bpf
not dst host 224.0.0.13
not dst host 224.0.16.171
not dst host 237.168.2.151
/usr/local/share/snort/filters.bpf (END)
 
This is a Dell PowerEdge 2850 with 2 Gig built in network ports
 
Thanks for your help

Current thread:

FreeBSD 5.3 OpenPcap() FSM compilation failed: Lang Hoang (Dec 29)