Snort 1.8.7b6 not listen to BPF filters

[Michael Boman <michael.boman () securecirt com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I have some issues with Snort and I was hoping you could give me some help.

I have tried to make Snort ignore traffic from a specific address (namely the 
vuln-scan server) without much luck. I have tried:

/usr/bin/snort -D -U -o -i eth1 -c /etc/snort_eth1/snort.conf -z not host 
x.x.x.x

and

usr/bin/snort -D -U -o -i eth1 -c /etc/snort_eth1/snort.conf -F 
/etc/snort_eth1/ignore.bpf -z

where content of 'ignore.bpf' is:
not host x.x.x.x

Of course, x.x.x.x is the real IP address of the vuln-scan server...

Any ideas what could be wrong?

Best regards
 Michael Boman

- -- 
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
http://www.securecirt.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9NsbNds5fQJiraJwRAus+AJ9CLkzaL1XNGDvq0dwlROJs21v91wCgmvPB
UvGPZFhAkRbNhOULE3Q4zk4=
=bAe1
-----END PGP SIGNATURE-----



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users