Snort mailing list archives

Re: Network Variables
From: James Lay <jlay () slave-tothe-box net>
Date: Thu, 02 May 2013 09:14:30 -0600

Try adding the quotes in the bpf file and see what happens.

On 2013-05-02 09:06, Seth Dunn wrote:
This works:
C:\>d:\snort\bin\snort -c d:\snort\etc\snort2.conf -i2 -T "not net
and dst host && dst port 80 or not net and 
host 10.7
5.45.1 && dst port 80"

So how can I transfer that from the command line, to the bpf file?
Because as I mentioned earlier, using multiple lines in the file, it
Trying to comment a line, it fails.

Not to mention that when using the bpf file, it seems to stop 
on anything.....so all traffic is captured, because I see activity on
the interface....but snort does not alert on stuff it should.
