[Snort-users] Snort/Sniffing and CIDR blocks
bruneau at ...126...
Fri Jan 26 19:52:01 EST 2001
In order to use Snort as a sniffer, you need to use the following syntax:
snort ip and net xx.xx.xx.xx/30 -dv
Hope this helps,
Daniel Harrison wrote:
> I have been using snort as a sniffer (as well as an IDS) for a while.
> Today however was the first time I tried to use a CIDR block as the host
> command. I have cleaned the ip address but I was trying to get a /30
> which if memory serves me is 4 hosts. Is my syntax wrong or does this
> really not work?
> [root at ...1221... /root]# snort -dv host xx.xx.xxx.xx/30
> --== Initializing Snort ==--
> Initializing Network Interface eth0
> ERROR: OpenPcap() FSM compilation failed:
> non-network bits set in "xx.xx.xxx.xx/30"
> PCAP command: host xx.xx.xxx.xx/30
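Added example, not part of either message: libpcap raises "non-network bits set" when the address in an ADDR/PREFIX expression has bits set outside the prefix mask, so this sketch clears the host bits of any address in the block and emits a `net` filter in the form used in the reply. The function names are hypothetical and 192.0.2.77/30 is a constructed documentation address, not one from the thread.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; 192.0.2.x is a constructed
# documentation address (RFC 5737), not one from the thread.

# cidr_to_net ADDR/PREFIX
# Prints NETWORK/PREFIX with the host bits cleared; returns 1 on bad input.
cidr_to_net() {
    case $1 in
        */*) addr=${1%/*}; prefix=${1#*/} ;;
        *) echo "expected ADDR/PREFIX" >&2; return 1 ;;
    esac
    case $prefix in
        # Reject empty, non-numeric, leading-zero and 3+ digit prefixes.
        ''|*[!0-9]*|0?*|???*) echo "bad prefix: $prefix" >&2; return 1 ;;
    esac
    [ "$prefix" -le 32 ] || { echo "bad prefix: $prefix" >&2; return 1; }

    # Split the dotted quad into $1..$4.
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo "bad address: $addr" >&2; return 1; }
    for octet in "$@"; do
        case $octet in
            # Reject empty, non-numeric, leading-zero and 4+ digit octets.
            ''|*[!0-9]*|0?*|????*) echo "bad address: $addr" >&2; return 1 ;;
        esac
        [ "$octet" -le 255 ] || { echo "bad address: $addr" >&2; return 1; }
    done

    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    if [ "$prefix" -eq 0 ]; then
        mask=0
    else
        mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    fi
    net=$(( ip & mask ))   # libpcap requires (ip & ~mask) == 0 for "net"
    printf '%d.%d.%d.%d/%d\n' \
        $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
        $(( (net >> 8) & 255 )) $(( net & 255 )) "$prefix"
}

# pcap_net_filter ADDR/PREFIX
# Prints a BPF expression in the form used in the reply above.
pcap_net_filter() {
    aligned=$(cidr_to_net "$1") || return 1
    printf 'ip and net %s\n' "$aligned"
}
```

For the constructed input 192.0.2.77/30, `pcap_net_filter` prints `ip and net 192.0.2.76/30`, which covers the four addresses 192.0.2.76 through 192.0.2.79.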