[Snort-devel] pv.homenet question
jpa3nos at ...1264...
Fri Oct 25 04:26:01 EDT 2002
I have a question regarding pv.homenet.
Does this variable refer to the var HOMENET in snort.conf file and the arg -h given in command line or just to the arg -h in command line ?
Let me make it more clear :
I'm trying to built a preproccessor in snort-1.8.7 and i use the functions SourceIpIsHomenet(p) and DestinationIpIsHomenet(p) printing out the results of them.
I edit the snort.conf file and i give to the Homenet var a value X.X.X.X/Y
Then i run <snort -c snort.conf > and i ping the machine which runs snort from another machine having an IP that is not included in the XXXX/Y range.
Both of the above functions return that all IP's in the ping packets (requests and replies) are from Homenet.
Then i run <snort -h X.X.X.X/Y -c snort.conf > and i'm pinging the same way as before but this time get the right results (requests ---> not Homenet , replies Homenet).
My assumption is that the HOMENET var in snort.conf file is only used for the rules and not the way snort is running as far as the homenet argument is concered. So does the pv.homenet struct member only refer to the command line argument ?
Tanks in advance .
Regards John .
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-devel