Hi,<br><br>If you have the possibility to try <br>suricata -c /etc/suricata/suricata.yaml -i eth6 -F /etc/suricata/bpf<br><br>would you still have the issue?<br>(trying to narrow down the issue)<br>thanks<br><br><div class="gmail_quote">
On Tue, May 29, 2012 at 3:35 PM, Peter Bates <span dir="ltr"><<a href="mailto:peter.bates@ucl.ac.uk" target="_blank">peter.bates@ucl.ac.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello all<br>
<br>
I'm trying the following with Suricata (cloned from git earlier today)<br>
<br>
suricata -c /etc/suricata/suricata.yaml --af-packet=eth6 --runmode=workers -F /etc/suricata/bpf<br>
<br>
The contents of the BPF is:<br>
<br>
net (144.82.114.0/23) or host (193.60.236.98 or 91.233.244.102 or<br>
74.207.249.7 or 50.116.35.158 or 23.21.71.54 or 128.61.240.94 or<br>
50.62.12.103 or 82.141.230.155 or 194.98.50.137)<br>
<br>
- which I've used as the -F argument to Snort and which appears to<br>
work okay but with Suricata I'm definitely seeing hits that do not<br>
match the above.<br>
<br>
Is there something wrong with my BPF list or am I missing something?<br>
<br>
--<br>
Peter Bates<br>
Senior Computer Security Officer    Phone: <a href="tel:%2B44%280%292076792049" value="+442076792049">+44(0)2076792049</a><br>
Information Services Division       Internal Ext: 32049<br>
University College London<br>
London WC1E 6BT<br>
</blockquote></div><br><br clear="all"><br>-- <br><div>Regards,</div>
<div>Peter Manev</div><br>
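To see which alerts really fall outside the filter quoted above, the following added example (not part of the original thread) parses the filter's `net (...)` and `host (...)` groups and flags alert lines where neither endpoint matches. It assumes alerts in Suricata's fast.log layout with IPv4 endpoints; the alert lines and the function names are constructed for illustration.

```python
import ipaddress
import re

# The filter exactly as quoted in the thread.
BPF = ("net (144.82.114.0/23) or host (193.60.236.98 or 91.233.244.102 or "
       "74.207.249.7 or 50.116.35.158 or 23.21.71.54 or 128.61.240.94 or "
       "50.62.12.103 or 82.141.230.155 or 194.98.50.137)")

# Constructed fast.log-style alert lines (not real traffic).
ALERTS = [
    "05/29/2012-15:01:02.000001  [**] [1:1000001:1] constructed sample A [**] "
    "[Classification: (null)] [Priority: 3] {TCP} 144.82.115.20:51000 -> 198.51.100.7:80",
    "05/29/2012-15:01:03.000002  [**] [1:1000002:1] constructed sample B [**] "
    "[Classification: (null)] [Priority: 3] {TCP} 192.0.2.10:443 -> 198.51.100.7:51514",
    "05/29/2012-15:01:04.000003  [**] [1:1000003:1] constructed sample C [**] "
    "[Classification: (null)] [Priority: 3] {UDP} 203.0.113.5:53 -> 193.60.236.98:40000",
]

ENDPOINTS = re.compile(r"\{\w+\}\s+([\d.]+):\d+\s+->\s+([\d.]+):\d+")


def parse_filter(expr):
    """Return the networks named by 'net (...)' and 'host (...)' groups.

    Only the or-of-addresses subset of BPF syntax used in the thread is handled.
    """
    nets = []
    for _kind, body in re.findall(r"\b(net|host)\s*\(([^)]*)\)", expr):
        for token in re.split(r"\s+or\s+", body.strip()):
            nets.append(ipaddress.ip_network(token))  # bare host becomes a /32
    return nets


def outside_filter(lines, nets):
    """Return alert lines whose source and destination both miss every network."""
    misses = []
    for line in lines:
        m = ENDPOINTS.search(line)
        if not m:
            continue  # not an alert line with IPv4 endpoints
        src, dst = (ipaddress.ip_address(a) for a in m.groups())
        # BPF 'net'/'host' without a direction matches source OR destination.
        if not any(src in n or dst in n for n in nets):
            misses.append(line)
    return misses


if __name__ == "__main__":
    for line in outside_filter(ALERTS, parse_filter(BPF)):
        print("outside filter:", line)
```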