From: James Lay (jlay slave-tothe-box.net)
Date: Thu May 02 2013 - 10:14:30 CDT
Try adding the quotes in the bpf file and see what happens.
On 2013-05-02 09:06, Seth Dunn wrote:
> This works:
> C:\>d:\snort\bin\snort -c d:\snort\etc\snort2.conf -i2 -T "not net 10.10.0.0/24 and dst host 10.75.45.1 && dst port 80 or not net 10.30.0.0/24 and dst host 10.75.45.1 && dst port 80"
>
> So how can I transfer that from the command line, to the bpf file?
> Because as I mentioned earlier, using multiple lines in the file, it fails.
> Trying to comment a line, it fails.
>
> Not to mention that when using the bpf file, it seems to stop alerting
> on anything... so all traffic is captured, because I see activity on
> the interface... but snort does not alert on stuff it should.
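
An added example, not part of either poster's message and not Snort code: a small Python helper that turns a multi-line, commented filter into the single-line form that worked on the command line, and prints how the and/or chain is grouped under the rule in pcap-filter(7) (negation binds tightest; `and` and `or` have equal precedence and associate left to right). The function names and the annotated sample are constructed; it assumes the bpf file should hold one uncommented expression.

```python
import re

# Constructed sample: the filter from the thread, kept the way one might
# like to maintain it (several lines, '#' comments). Not from the original post.
ANNOTATED = """\
# first excluded network
not net 10.10.0.0/24 and dst host 10.75.45.1 && dst port 80
# second excluded network
or not net 10.30.0.0/24 and dst host 10.75.45.1 && dst port 80
"""

def flatten_bpf(text):
    """Strip '#' comments and blank lines, join the rest into one line."""
    kept = [line.split("#", 1)[0].strip() for line in text.splitlines()]
    expr = re.sub(r"\s+", " ", " ".join(p for p in kept if p))
    if not expr:
        raise ValueError("filter is empty after removing comments")
    depth = 0
    for ch in expr:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:          # a ')' appeared before its '('
            break
    if depth != 0:
        raise ValueError("unbalanced parentheses in filter")
    return expr

def group_left(expr):
    """Show the grouping pcap-filter(7) gives an unparenthesized filter."""
    if "(" in expr or ")" in expr:
        raise ValueError("expression already contains explicit grouping")
    # Split on the boolean operators, keeping them; 'not' stays with its term.
    parts = re.split(r"\s+(and|&&|or|\|\|)\s+", expr)
    grouped = parts[0]
    for op, term in zip(parts[1::2], parts[2::2]):
        grouped = f"({grouped} {op} {term})"
    return grouped

if __name__ == "__main__":
    one_line = flatten_bpf(ANNOTATED)
    print(one_line)              # text for a single-line filter file
    print(group_left(one_line))  # how the and/or chain is grouped
```

Comparing the grouped output with the intended logic, and adding explicit parentheses where they differ, is a quick check to make before loading the filter into a sensor.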