Snort mailing list archives

Re: Snort 1.8.7b6 not listen to BPF filters


From: Erek Adams <erek () theadamsfamily net>
Date: Fri, 19 Jul 2002 12:04:55 -0700 (PDT)

On Fri, 19 Jul 2002, Michael Scheidell wrote:

1.8.7 does same thing.

Ok, had to try.  :)

/usr/local/bin/snort -doDI -m 022 -z \
-c /usr/local/etc/snort.conf -i rl0 -l /var/log/snort \
not src host 10.1.1.10


does not record tcp attacks.

Ok, correct me if I'm wrong:  But that's what you want, right?
If that's the case then the failure must be in the -F option.

Cause the weird part is I don't have a problem with BPF's working.  Could it
be your pcap?  I'm using the 0.7.1.tar.gz from tcpdump.org.

I'm using whatever library it finds on FBSD 4.5.

Might want to check and see which libpcap it's linking to with ldd...

Ping thought, but does TCPdump show the same behavior when passing it a 'file'
of filters?

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net



