Re: [Snort-users] Network Variables

From: James Lay (jlayslave-tothe-box.net)
Date: Thu May 02 2013 - 07:10:09 CDT


Quotation marks may be needed…try appending via command line as well.

James

On May 2, 2013, at 5:50 AM, Seth Dunn <sethd2ms.com> wrote:

> What is DAQ? I have seen that, but have no idea what that is.
> As far as my bpf file goes, if it is like this:
>
> #not net 10.10.0.0/24 and not net 10.30.0.0/24
> not net 10.10.0.0/24 and dst host 10.75.45.1 && dst port 80 or not net 10.30.0.0/24 and dst host 10.75.45.1 && dst port 80
>
> It will fail with:
> Reading filter from bpf file: D:\Snort\etc\ignore2.bpf
> ERROR: short read D:\Snort\etc\ignore2.bpf (169 != 170)
> Fatal Error, Quitting..
>
> If I remove the commented line, then snort starts fine.
> If I try to have multiple lines in the file (all being rules, no comments), then it will fail with a similar error as above.
> I have never seen a DAQ error.
>
> From: Russ Combs [mailto:rcombssourcefire.com]
> Sent: Thursday, May 02, 2013 12:08 AM
> To: waldo kitty
> Cc: snort-userslists.sourceforge.net
> Subject: Re: [Snort-users] Network Variables
>
> Snort does allow comments in the BPF file, starting with # to end of line. If there is a syntax error, you should see something like:
>
> ERROR: Can't set DAQ BPF filter to '
> ...
> ' (pcap_daq_set_filter: pcap_compile: syntax error)!
> Fatal Error, Quitting..
>
> What DAQ are you using? Please send the BPF file that fails and the error that you get.
>
> On Wed, May 1, 2013 at 10:07 PM, waldo kitty <wkitty42windstream.net> wrote:
> On 5/1/2013 13:09, Seth Dunn wrote:
> > But any ideas why snort fails to start if I add in a '#' to comment a
> > line??
>
> i have no clue but it sounds like a coding error not allowing comment lines in
> the BPF file... only joel or one of the snort dev guys can tell us that... or
> possibly a code diver who can root around in the snort code ;)
>
> --
> NOTE: No off-list assistance is given without prior approval.
> Please keep mailing list traffic on the list unless
> private contact is specifically requested and granted.
>
> ------------------------------------------------------------------------------
> Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
> Get 100% visibility into your production application - at no cost.
> Code-level diagnostics for performance bottlenecks with <2% overhead
> Download for free and get started troubleshooting in minutes.
> http://p.sf.net/sfu/appdyn_d2d_ap1
> _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>

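The "short read (169 != 170)" failure and the comment handling Russ describes, worked through as an added example that is not from the thread or from Snort itself. It assumes (this is not stated in the thread) that the file was written with Windows CRLF line endings and no trailing newline, so a text-mode read returns one byte fewer per line ending than the file size on disk; the sample file is a constructed copy of the two lines Seth quoted, and `analyze_bpf` / `normalize_bpf_file` are names chosen here.

```python
"""Pre-flight check for a Snort BPF filter file before the DAQ sees it.
Added example; not from the thread or from Snort. Assumption: the
"short read (169 != 170)" comes from a CRLF file read in text mode on
Windows, where each CRLF becomes one LF, so the byte count actually read
is one less per line ending than the file size reported by fstat()."""

# Constructed stand-in for D:\Snort\etc\ignore2.bpf: the two lines quoted
# in the thread, joined with a Windows line ending and no trailing newline.
SAMPLE_BPF = (
    b"#not net 10.10.0.0/24 and not net 10.30.0.0/24\r\n"
    b"not net 10.10.0.0/24 and dst host 10.75.45.1 && dst port 80 or "
    b"not net 10.30.0.0/24 and dst host 10.75.45.1 && dst port 80"
)


def analyze_bpf(raw: bytes) -> dict:
    """Return size bookkeeping plus the comment-stripped, one-line filter."""
    text_mode = raw.replace(b"\r\n", b"\n")        # what a text-mode read yields
    comments, clauses = [], []
    for line in text_mode.decode("ascii", "replace").split("\n"):
        code, _, comment = line.partition("#")      # '#' to end of line is a comment
        if comment.strip():
            comments.append(comment.strip())
        if code.strip():
            clauses.append(code.strip())
    return {
        "stat_size": len(raw),                      # size on disk (fstat)
        "read_size": len(text_mode),                # bytes a text-mode read returns
        "short_read": len(text_mode) != len(raw),   # the 169 != 170 condition
        "crlf": b"\r\n" in raw,
        "comments": comments,
        "expression": " ".join(clauses),            # one line, no comments
    }


def normalize_bpf_file(src: str, dst: str) -> dict:
    """Rewrite a filter file as a single comment-free line with no line endings."""
    with open(src, "rb") as f:
        info = analyze_bpf(f.read())
    with open(dst, "wb") as f:
        f.write(info["expression"].encode("ascii"))
    return info


if __name__ == "__main__":
    for key, value in analyze_bpf(SAMPLE_BPF).items():
        print(f"{key:>10}: {value}")
```

The rewritten single line can be handed to Snort either as the new filter file or appended directly on the command line, which is what James suggests trying.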