[Snort-users] second layer header error

Andy Beal abeal at ...316...
Tue Oct 31 00:43:22 EST 2000


Andrew,

Use a /32 after your IP.   for instance,   10.1.1.1/32.    32 means 32
bit in ths subnet, 255.255.255.255.  In various documenetions of the
TCP/IP protocol this means only one address will be defined as your Home
Network.  As opposed to 10.1.1.0/24 meaning 255 addresses defined, 24
bits in the subnet mask. 

Andy Beal
CNE, CCNA
Matrix Integration
http://www.matrixintegration.com/

-----Original Message-----
From: Andrew Hall [mailto:ahall at ...724...]
Sent: Monday, October 30, 2000 1:57 PM
To: Fyodor
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] second layer header error


Thanks. I have removed the -e, but I still receive the below error.  Can
someone tell me if there is a way to disable snort looking at netmask or
am
I interperting this error incorrectly.


	/test/lib/backdoor.sigbased.rules (6) =>  No netmask specified
for IP
address

If I do an ifconfig on ppp0 I see no netmask defined for that interface.
Is
it possible to run snort on a ppp interface created by pppoe?

Again please reply to me as I am not on this list.

Thanks again in advance.


Andrew Hall

-----Original Message-----
From: Fyodor [mailto:fygrave at ...121...]
Sent: Monday, October 30, 2000 1:01 PM
To: Andrew Hall
Subject: Re: [Snort-users] second layer header error


On Mon, Oct 30, 2000 at 10:55:46AM -0500, Andrew Hall wrote:
> Hello,
>
> I have setup pppoe in a lab environment here.  I have a pppoe server
and
> client talking correctly and establishing a connection correctly.  I
would
> like to be able to use snort on the ppp0 interface created by the
above
> connection.  I am starting snort like this:
> 	"/usr/bin/snort -i ppp0 -c /test/lib/snort-rules -e".
> I receive the following error:
> 	"There's no second layer header available for this datalink"

Drop -e switch here. :) we don't decode ppp0 headers since they will not
tell you too much anyway :)

> Then I see this error at the bottom of the snort output:
> 	"/test/lib/backdoor.sigbased.rules (6) =>  No netmask specified
for IP
> address"
>

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/snort-users



More information about the Snort-users mailing list