Snort mailing list archives

Re: Network Variables


From: James Lay <jlay () slave-tothe-box net>
Date: Thu, 2 May 2013 06:10:09 -0600

Quotation marks may be needed…try appending via command line as well.

James

On May 2, 2013, at 5:50 AM, Seth Dunn <seth () d2ms com> wrote:

What is DAQ?  I have seen that, but have no idea what that is.
As far as my bpf file goes, if it is like this:

#not net 10.10.0.0/24 and not net 10.30.0.0/24
not net 10.10.0.0/24 and dst host 10.75.45.1 && dst port 80 or not net 10.30.0.0/24 and dst host 10.75.45.1 && dst port 80

It will fail with:
Reading filter from bpf file: D:\Snort\etc\ignore2.bpf
ERROR: short read D:\Snort\etc\ignore2.bpf (169 != 170)
Fatal Error, Quitting..
 
If I remove the commented line, then snort starts fine.
If I try to have multiple lines in the file (all being rules, no comments), then it will fail with a similar error as above.
I have never seen a DAQ error.
 
From: Russ Combs [mailto:rcombs () sourcefire com] 
Sent: Thursday, May 02, 2013 12:08 AM
To: waldo kitty
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Network Variables
 
Snort does allow comments in the BPF file, starting with # to end of line.  If there is a syntax error, you should see something like:
 
ERROR: Can't set DAQ BPF filter to '
...      
' (pcap_daq_set_filter: pcap_compile: syntax error)!
Fatal Error, Quitting..
 
What DAQ are you using?  Please send the BPF file that fails and the error that you get.
 
On Wed, May 1, 2013 at 10:07 PM, waldo kitty <wkitty42 () windstream net> wrote:
On 5/1/2013 13:09, Seth Dunn wrote:
But any ideas why snort fails to start if I add in a '#' to comment a
line??

i have no clue but it sounds like a coding error not allowing comment lines in
the BPF file... only joel or one of the snort dev guys can tell us that... or
possibly a code diver who can root around in the snort code ;)

--
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
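
An added example, not part of the thread and not Snort code: it rebuilds the two-line ignore2.bpf as posted and shows that a CRLF-translating read of it delivers 169 bytes against 170 on disk, the same pair as in the error, then flattens the file into a single-line expression suitable for the command line. That a CRLF line ending is the cause is an assumption the thread does not confirm; the function names and the sample bytes (one CRLF, no trailing newline) are constructed for illustration.

```python
import re

# Constructed sample: the two lines of ignore2.bpf as posted in the thread,
# assumed saved with one Windows CRLF between them and no trailing newline.
CLAUSE_A = "not net 10.10.0.0/24 and dst host 10.75.45.1 && dst port 80"
CLAUSE_B = "not net 10.30.0.0/24 and dst host 10.75.45.1 && dst port 80"
SAMPLE = (
    "#not net 10.10.0.0/24 and not net 10.30.0.0/24\r\n"
    + CLAUSE_A + " or " + CLAUSE_B
).encode("ascii")


def size_mismatch(raw: bytes) -> tuple[int, int]:
    """Return (bytes a CRLF-translating read delivers, size on disk)."""
    return len(raw.replace(b"\r\n", b"\n")), len(raw)


def to_unix(raw: bytes) -> bytes:
    """Rewrite CRLF line endings as LF so both counts agree."""
    return raw.replace(b"\r\n", b"\n")


def flatten_bpf(raw: bytes) -> str:
    """Drop '#' comments (to end of line) and join the rest into one line."""
    parts = []
    for line in raw.decode("ascii").splitlines():
        code = line.split("#", 1)[0].strip()
        if code:
            parts.append(code)
    return re.sub(r"\s+", " ", " ".join(parts))


if __name__ == "__main__":
    got, expected = size_mismatch(SAMPLE)
    print(f"as saved:   read {got} bytes, file size {expected}")
    got, expected = size_mismatch(to_unix(SAMPLE))
    print(f"LF endings: read {got} bytes, file size {expected}")
    print("single-line filter:", flatten_bpf(SAMPLE))
```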
 