[Snort-users] Snort 2.3.0 and p2p rules question

A Bose abose at ...13109...
Tue Mar 1 08:17:57 EST 2005

I am trying to play back a tcpdump/libpcap trace using the p2p.rules but 
getting an error. I modified /etc/snort/snort.conf and put in a line:

## include somefile.rules
include /etc/snort/rules/p2p.rules

In my case, both HOME_NET and EXTERNAL_NET are set to "any". When I do 
the following:

$ snort -dvr file.pcap  -c /etc/snort/snort.conf

I get an error:

Running in IDS mode
TCPDUMP file reading mode.
Reading network traffic from "file.pcap" file.
snaplen = 100

         --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf

Initializing rule chains...
ERROR: /etc/snort/rules/p2p.rules(10) => Unknown ClassType: policy-violation
Fatal Error, Quitting..

Can someone please tell me what I am doing wrong ? I am a *very* new 
user of snort (and that may be just the problem!)


Abhijit Bose
University of Michigan

More information about the Snort-users mailing list