Home page logo
/

snort logo Snort mailing list archives

Re: Network Variables
From: "Seth Dunn" <seth () d2ms com>
Date: Thu, 2 May 2013 15:42:49 -0400

Yep, I plan to comment, because I am sure that it will be me coming back
to the file sometime later and totally forgetting everything. :D

I have also update the forum over at WinSnort, so that anyone else that
is setting it up on Windows will be aware of the issue.

-----Original Message-----
From: waldo kitty [mailto:wkitty42 () windstream net] 
Sent: Thursday, May 02, 2013 3:35 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Network Variables

On 5/2/2013 15:24, Seth Dunn wrote:
Yes, as James said, thanks for breaking it down. Very instructive.

you are welcome... sometimes we have to back up from the forest to see
everything clearly and then we can take small bites out of its arse as
needed :P

I have configured my bpf file as you suggested:: not (net 
(10.10.0.0/24 or
10.30.0.0/24) and host 10.75.45.1 and port 80)

Snort starts and is running, so I will watch it and see how things go.

good deal... and since you figured out the EoL problem was the culprit,
i suggest you place some comment lines explaining what that object mask
does for you just in case you have to add others and/or someone else
needs to maintain the setup ;)

Since this is in a file, I don't have to do quotes there, only if I 
run it from the command line. The problem with the bpf file was what 
Shane suggested earlier, how the text editor was handling the end of 
line character.  Snort, (I am guessing the bpf engine it uses) does 
not like the Windows style characters...it is only configured for *nix

style editors.  May be something they want to address in future 
releases....because it is an odd problem and one I didn't immediately 
think of (obviously)....especially since the snort.conf file is read
fine.

as i wrote to you in private, good catch on that... now we can only hope
that the maintainers handle that problem so that it doesn't rear its
head and bite someone else :)

Thanks again to all for the help and information on this....it has 
been very enlightening.

i'm glad it has helped and i hope that others gain some insight, too :)

--
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------
------
Get 100% visibility into Java/.NET code with AppDynamics Lite It's a
free troubleshooting tool designed for production Get down to code-level
detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite
It's a free troubleshooting tool designed for production
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault