[Snort-users] second layer header error
abeal at ...316...
Tue Oct 31 00:43:22 EST 2000
Use a /32 after your IP. for instance, 10.1.1.1/32. 32 means 32
bit in ths subnet, 255.255.255.255. In various documenetions of the
TCP/IP protocol this means only one address will be defined as your Home
Network. As opposed to 10.1.1.0/24 meaning 255 addresses defined, 24
bits in the subnet mask.
From: Andrew Hall [mailto:ahall at ...724...]
Sent: Monday, October 30, 2000 1:57 PM
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] second layer header error
Thanks. I have removed the -e, but I still receive the below error. Can
someone tell me if there is a way to disable snort looking at netmask or
I interperting this error incorrectly.
/test/lib/backdoor.sigbased.rules (6) => No netmask specified
If I do an ifconfig on ppp0 I see no netmask defined for that interface.
it possible to run snort on a ppp interface created by pppoe?
Again please reply to me as I am not on this list.
Thanks again in advance.
From: Fyodor [mailto:fygrave at ...121...]
Sent: Monday, October 30, 2000 1:01 PM
To: Andrew Hall
Subject: Re: [Snort-users] second layer header error
On Mon, Oct 30, 2000 at 10:55:46AM -0500, Andrew Hall wrote:
> I have setup pppoe in a lab environment here. I have a pppoe server
> client talking correctly and establishing a connection correctly. I
> like to be able to use snort on the ppp0 interface created by the
> connection. I am starting snort like this:
> "/usr/bin/snort -i ppp0 -c /test/lib/snort-rules -e".
> I receive the following error:
> "There's no second layer header available for this datalink"
Drop -e switch here. :) we don't decode ppp0 headers since they will not
tell you too much anyway :)
> Then I see this error at the bottom of the snort output:
> "/test/lib/backdoor.sigbased.rules (6) => No netmask specified
Snort-users mailing list
Snort-users at lists.sourceforge.net
More information about the Snort-users