Snort mailing list archives
Re: snort2.6 BPF issue?
From: John Hally <JHally () epnet com>
Date: Thu, 16 Nov 2006 15:04:26 -0500
Awesome, thanks Bamm!

-----Original Message-----
From: Bamm Visscher [mailto:bamm.visscher () gmail com]
Sent: Thursday, November 16, 2006 2:58 PM
To: John Hally
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] snort2.6 BPF issue?

You need to add the keyword "vlan" to your bpf then. So,

`/usr/local/snort2.6/bin/snort -v -i eth1 vlan and net 10.0.0.0/8`

You'll also need to enable the VLAN option in your sensor_agent.conf

Bamm

On 11/16/06, John Hally <JHally () epnet com> wrote:

Yes, tapping a trunk.

-----Original Message-----
From: Bamm Visscher [mailto:bamm.visscher () gmail com]
Sent: Thursday, November 16, 2006 2:40 PM
To: John Hally
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] snort2.6 BPF issue?

Are you using a SPAN port on a switch with vlan tagging?

Bamm

On 11/16/06, John Hally <JHally () epnet com> wrote:

Hello all,

I'm having an issue attempting to get the log_packets.sh script from sguil capturing traffic with 2.6. Essentially what's happening is if I use a BPF filter to capture traffic, but whether I use the log_packets.sh script or fire off snort manually using the syntax below I see no traffic at all either logging to file or printing to screen:

/usr/local/snort2.6/bin/snort -v -i eth1 net 10.0.0.0/8

While:

/usr/local/snort2.6/bin/snort -v -i eth1

Rifles through tons of traffic. Are BPF filters broken?
-- sguil - The Analyst Console for NSM http://sguil.sf.net
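The behaviour discussed in this thread, as an added example that is not part of the original messages or of Snort/libpcap: a simplified Python model of why `net 10.0.0.0/8` sees nothing on an 802.1Q trunk while `vlan and net 10.0.0.0/8` does. The frames are constructed samples, the function names are hypothetical, and the model covers IPv4 only (the real `net` primitive also considers ARP/RARP).

```python
import ipaddress
import struct

ETH_IP, ETH_VLAN = 0x0800, 0x8100
NET = ipaddress.ip_network("10.0.0.0/8")  # network from the thread's filter

def frame(src, dst, vlan_id=None):
    """Build a constructed Ethernet+IPv4 frame, optionally 802.1Q tagged."""
    macs = bytes(6) + bytes(6)  # dst MAC, src MAC (zeros; not examined)
    tag = b"" if vlan_id is None else struct.pack("!HH", ETH_VLAN, vlan_id & 0x0FFF)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return macs + tag + struct.pack("!H", ETH_IP) + ip

def match_net(pkt, l2_off=0):
    """Simplified model of `net 10.0.0.0/8`: EtherType read at a fixed offset."""
    (etype,) = struct.unpack_from("!H", pkt, 12 + l2_off)
    if etype != ETH_IP:
        return False  # a tagged frame carries 0x8100 at offset 12, so it is rejected
    ip_off = 14 + l2_off
    src = ipaddress.ip_address(pkt[ip_off + 12:ip_off + 16])
    dst = ipaddress.ip_address(pkt[ip_off + 16:ip_off + 20])
    return src in NET or dst in NET

def match_vlan_and_net(pkt):
    """Simplified model of `vlan and net 10.0.0.0/8`."""
    (etype,) = struct.unpack_from("!H", pkt, 12)
    if etype != ETH_VLAN:
        return False  # `vlan` is true only for tagged frames
    return match_net(pkt, l2_off=4)  # later offsets shift past the 4-byte tag

if __name__ == "__main__":
    samples = [("untagged", frame("10.1.2.3", "192.0.2.9")),
               ("vlan 20", frame("10.1.2.3", "192.0.2.9", vlan_id=20))]
    for name, pkt in samples:
        print(name, "net:", match_net(pkt), "vlan and net:", match_vlan_and_net(pkt))
```

Note that `vlan and net ...` matches only tagged frames, so a sensor that sees both tagged and untagged traffic needs a filter covering both cases.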