[Snort-users] Network Variables

Seth Dunn seth at ...16266...
Tue Apr 30 22:17:52 EDT 2013

My bpf file is ignore.bpf and has one line in it::
not net ||

I have also tried variations of that rule using ! instead of  not...
Using && instead of ||
I have also used the rule across two lines like 
not net &&
not net
But that also did not work.

I have the bpf file defined in my snort.conf file :: config bpf_file:
I also call it with the switch -F d:\snort\etc\ignore.bpf

Still nothing.  Traffic is not ignored/filtered out....snort still
alerts on it.

-----Original Message-----
From: waldo kitty [mailto:wkitty42 at ...14940...] 
Sent: Tuesday, April 30, 2013 9:47 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Network Variables

On 4/30/2013 19:28, Seth Dunn wrote:
> Right, and I set up the text file, and snort started and read the
> But it didn't filter out the traffic.
> And I have followed the examples I have seen creating the file, but it

> is not working as expected.

please post the contents of the file and the command line you used to
start snort...

NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

More information about the Snort-users mailing list