[Snort-users] Snort 1.8.7b6 not listen to BPF filters
scheidell at ...5171...
Fri Jul 19 11:58:06 EDT 2002
> A couple of things here:
> 1) Update to 1.8.7 since it's been released and has many bugfixes
> backported from 1.9 into it.
1.8.7 does the same thing.
> 2) try it without using a "file".
> snort <options> 'not host foo'
/usr/local/bin/snort -doDI -m 022 -z \
-c /usr/local/etc/snort.conf -i rl0 -l /var/log/snort \
not src host 10.1.1.10
does not record tcp attacks.
> 3) compile with debug and set DEBUG_INIT and DEBUG_CONFIGURES, then
> fire off with and without using the -F option. See if there's anything odd
> going on.
Guess that's next.
> Cause the weird part is I don't have a problem with BPFs working. Could it
> be your pcap? I'm using the 0.7.1.tar.gz from tcpdump.org.
I'm using whatever library it finds on FBSD 4.5.
SECNAP Network Security, LLC
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Positions available see http://www.secnap.net/employment/