[Snort-users] Snort Version 2.9.4-WIN32 GRE (Build 40) on Windows 7 fails with the Error: Failed to parse the IP address:

HORNER, LARRY J lh248x at ...1982...
Wed Feb 27 17:21:56 EST 2013


Snort Version 2.9.4-WIN32 GRE (Build 40) on Windows 7 fails with the Error: Failed to parse the IP address:

ERROR: ..\etc\snort.conf(0) Failed to parse the IP address: 132.64.0.0/204.78.32


Sample of the command line running from an Administrator cmd shell.

C:\Snort\bin>snort -d -l C:\Snort\log -c C:\Snort\etc\snort.conf -i 1 -T
Running in Test mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "C:\Snort\etc\snort.conf"
ERROR: C:\Snort\etc\snort.conf(0) Failed to parse the IP address: 4.161.0.0/76.1
73.36.0.
Fatal Error, Quitting..


The interfaces available are:
C:\Snort\bin>snort -W 

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.4-WIN32 GRE (Build 40)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-t
eam
           Copyright (C) 1998-2012 Sourcefire, Inc., et al.
           Using PCRE version: 8.10 2010-06-25
           Using ZLIB version: 1.2.3

Index   Physical Address        IP Address      Device Name     Description
-----   ----------------        ----------      -----------     -----------
    1   A0:B3:CC:C6:91:DB       0000:0000:fe80:0000:0000:0000:a2b3:ccff \Device\
NPF_{0AD1CAB2-C383-4E01-BEE7-FB58FF53D81C}      Intel(R) 82579LM Gigabit Network
 Connection
    2   00:05:9A:3C:78:00       0000:0000:fe80:0000:0000:0000:0205:9aff \Device\
NPF_{5C39B775-CBA4-4881-95C6-4BF605635568}      Cisco Systems VPN Adapter
    3   00:00:00:00:00:00       0000:0000:fe80:0000:0000:0000:02ff:70ff \Device\
NPF_{702D99BE-33C6-4C11-AB1D-04EE97199B01}      VPN-Win32 Adapter V8
    4   00:00:00:00:00:00       0000:0000:fe80:0000:0000:0000:2677:03ff \Device\
NPF_{ABA78611-3142-4AB6-9AFF-B2401532E988}      Microsoft
    5   00:00:00:00:00:00       0000:0000:fe80:0000:0000:0000:2677:03ff \Device\
NPF_{27859974-EC73-4007-B563-09F45BFA4E4F}      Microsoft


The contents of the C:\Snort\etc directory - with the Windows paths updated in the snort.conf file:
C:\Snort\bin>dir C:\Snort\etc
 Volume in drive C is SYSTEM
 Volume Serial Number is 3E1A-41A3

 Directory of C:\Snort\etc

02/26/2013  04:38 PM    <DIR>          .
02/26/2013  04:38 PM    <DIR>          ..
06/07/2011  06:33 PM             3,757 classification.config
09/20/2012  06:09 PM            30,490 gen-msg.map
01/06/2012  09:27 AM               687 reference.config
01/24/2013  11:35 AM         1,908,680 sid-msg.map
02/27/2013  03:07 PM            24,836 snort.conf
07/06/2009  06:39 PM             2,335 threshold.conf
07/13/2011  04:43 PM           160,606 unicode.map
               7 File(s)      2,131,391 bytes
               2 Dir(s)  43,121,950,720 bytes free


Testing with a -c option to a non-existing file: - interesting -
C:\Snort\bin>snort -d -l C:\Snort\log -c ..\etc\foo.conf -i 1 -T
Running in Test mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "..\etc\foo.conf"
ERROR: ..\etc\foo.conf(0) Failed to parse the IP address: 4.176.2.0/44.188.42.0.

Fatal Error, Quitting..

Testing with an indirect reference in place of a direct reference to the snort.conf file:
C:\Snort\bin>snort -d -l C:\Snort\log -c ..\etc\snort.conf -i 1 -T
Running in Test mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "..\etc\snort.conf"
ERROR: ..\etc\snort.conf(0) Failed to parse the IP address: 132.64.0.0/204.78.32
.0.
Fatal Error, Quitting..


Assistance would be appreciated.
Thanks in advance,

Larry





More information about the Snort-users mailing list