Re: Network Variables

[James Lay <jlay () slave-tothe-box net>]

Try adding the quotes in the bpf file and see what happens.

On 2013-05-02 09:06, Seth Dunn wrote:
> This works::
> C:\>d:\snort\bin\snort -c d:\snort\etc\snort2.conf -i2 -T "not net
> 10.10.0.0/24
> and dst host 10.75.45.1 && dst port 80 or not net 10.30.0.0/24 and 
> dst
> host 10.7
> 5.45.1 && dst port 80"
>
> So how can I transfer that from the command line, to the bpf file?
> Because as I mentioned earlier, using multiple lines in the file, it
> fails.
> Trying to comment a line, it fails.
>
> Not to mention that when using the bpf file, it seems to stop 
> alerting
> on anything.....so all traffic is captured, because I see activity on
> the interface....but snort does not alert on stuff it should.


------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!