[Snort-users] second layer header error

Andrew Hall ahall at ...724...
Tue Oct 31 04:37:01 EST 2000


Hello,

I would like to let everyone know I got to the bottom of my problem here.  We have a process that populates the $HOME_NET var with the IP/CIDR of the box.  This does not work with a ppp interface
because there is no netmask specified for a ppp interface.  Thankyou for all you time and assistance. 

Andrew


Andy Beal wrote:
> 
> Andrew,
> 
> Use a /32 after your IP.   for instance,   10.1.1.1/32.    32 means 32
> bit in ths subnet, 255.255.255.255.  In various documenetions of the
> TCP/IP protocol this means only one address will be defined as your Home
> Network.  As opposed to 10.1.1.0/24 meaning 255 addresses defined, 24
> bits in the subnet mask.
> 
> Andy Beal
> CNE, CCNA
> Matrix Integration
> http://www.matrixintegration.com/
> 
> -----Original Message-----
> From: Andrew Hall [mailto:ahall at ...724...]
> Sent: Monday, October 30, 2000 1:57 PM
> To: Fyodor
> Cc: snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] second layer header error
> 
> Thanks. I have removed the -e, but I still receive the below error.  Can
> someone tell me if there is a way to disable snort looking at netmask or
> am
> I interperting this error incorrectly.
> 
>         /test/lib/backdoor.sigbased.rules (6) =>  No netmask specified
> for IP
> address
> 
> If I do an ifconfig on ppp0 I see no netmask defined for that interface.
> Is
> it possible to run snort on a ppp interface created by pppoe?
> 
> Again please reply to me as I am not on this list.
> 
> Thanks again in advance.
> 
> Andrew Hall
> 
> -----Original Message-----
> From: Fyodor [mailto:fygrave at ...121...]
> Sent: Monday, October 30, 2000 1:01 PM
> To: Andrew Hall
> Subject: Re: [Snort-users] second layer header error
> 
> On Mon, Oct 30, 2000 at 10:55:46AM -0500, Andrew Hall wrote:
> > Hello,
> >
> > I have setup pppoe in a lab environment here.  I have a pppoe server
> and
> > client talking correctly and establishing a connection correctly.  I
> would
> > like to be able to use snort on the ppp0 interface created by the
> above
> > connection.  I am starting snort like this:
> >       "/usr/bin/snort -i ppp0 -c /test/lib/snort-rules -e".
> > I receive the following error:
> >       "There's no second layer header available for this datalink"
> 
> Drop -e switch here. :) we don't decode ppp0 headers since they will not
> tell you too much anyway :)
> 
> > Then I see this error at the bottom of the snort output:
> >       "/test/lib/backdoor.sigbased.rules (6) =>  No netmask specified
> for IP
> > address"
> >
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users



More information about the Snort-users mailing list