[Snort-users] Snort/Sniffing and CIDR blocks

Guy Bruneau bruneau at ...126...
Fri Jan 26 19:52:01 EST 2001


In order to use Snort as a sniffer, you need to use the following syntax:

snort ip and net xx.xx.xx.xx/30 -dv

Hope this help,


Daniel Harrison wrote:

> I have been using snort as a sniffer (along as an ids) for  a while.
> Today however was the first time I tried to use a CIDR block as the host
> command. I have cleaned the ip address but I was trying to get a /30
> which if memory serves me is 4 hosts. Is my syntax wrong or does this
> really not work?
> [root at ...1221... /root]# snort -dv host xx.xx.xxx.xx/30
>         --== Initializing Snort ==--
> Initializing Network Interface eth0
> ERROR: OpenPcap() FSM compilation failed:
>         non-network bits set in "xx.xx.xxx.xx/30"
> PCAP command: host xx.xx.xxx.xx/30
> thanks.
> -dan

More information about the Snort-users mailing list