[Snort-users] Snort 1.8.7b6 not listen to BPF filters
erek at ...577...
Fri Jul 19 11:43:02 EDT 2002
On Fri, 19 Jul 2002, Michael Scheidell wrote:
> I have had the same problem since 1.8.6.x
> Sent in several requests for guidance, none of them have been very helpful
> so far.
A couple of things here:

1) Update to 1.8.7, since it's been released and has many bugfixes
backported from 1.9 into it.

2) Try it without using a "file":

    snort <options> 'not host foo'

3) Compile with debug and set DEBUG_INIT and DEBUG_CONFIGURES, then
fire off with and without using the -F option. See if there's anything odd.

Cause the weird part is I don't have a problem with BPFs working. Could it
be your pcap? I'm using the 0.7.1.tar.gz from tcpdump.org.