[Snort-users] second layer header error

Andy Beal abeal at ...316...
Tue Oct 31 00:43:22 EST 2000


Use a /32 after your IP.   for instance,    32 means 32
bit in ths subnet,  In various documenetions of the
TCP/IP protocol this means only one address will be defined as your Home
Network.  As opposed to meaning 255 addresses defined, 24
bits in the subnet mask. 

Andy Beal
Matrix Integration

-----Original Message-----
From: Andrew Hall [mailto:ahall at ...724...]
Sent: Monday, October 30, 2000 1:57 PM
To: Fyodor
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] second layer header error

Thanks. I have removed the -e, but I still receive the below error.  Can
someone tell me if there is a way to disable snort looking at netmask or
I interperting this error incorrectly.

	/test/lib/backdoor.sigbased.rules (6) =>  No netmask specified
for IP

If I do an ifconfig on ppp0 I see no netmask defined for that interface.
it possible to run snort on a ppp interface created by pppoe?

Again please reply to me as I am not on this list.

Thanks again in advance.

Andrew Hall

-----Original Message-----
From: Fyodor [mailto:fygrave at ...121...]
Sent: Monday, October 30, 2000 1:01 PM
To: Andrew Hall
Subject: Re: [Snort-users] second layer header error

On Mon, Oct 30, 2000 at 10:55:46AM -0500, Andrew Hall wrote:
> Hello,
> I have setup pppoe in a lab environment here.  I have a pppoe server
> client talking correctly and establishing a connection correctly.  I
> like to be able to use snort on the ppp0 interface created by the
> connection.  I am starting snort like this:
> 	"/usr/bin/snort -i ppp0 -c /test/lib/snort-rules -e".
> I receive the following error:
> 	"There's no second layer header available for this datalink"

Drop -e switch here. :) we don't decode ppp0 headers since they will not
tell you too much anyway :)

> Then I see this error at the bottom of the snort output:
> 	"/test/lib/backdoor.sigbased.rules (6) =>  No netmask specified
for IP
> address"

Snort-users mailing list
Snort-users at lists.sourceforge.net

More information about the Snort-users mailing list