<br><br><div class="gmail_quote">On Tue, May 29, 2012 at 3:42 PM, Victor Julien <span dir="ltr"><<a href="mailto:victor@inliniac.net" target="_blank">victor@inliniac.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">
</div><div class="im">On 05/29/2012 03:35 PM, Peter Bates wrote:<br>
><br>
> Hello all<br>
><br>
> I'm trying the following with Suricata (cloned from git earlier<br>
> today)<br>
><br>
> suricata -c /etc/suricata/suricata.yaml --af-packet=eth6<br>
</div><div class="im">> --runmode=workers -F /etc/suricata/bpf<br>
><br>
> The contents of the BPF is:<br>
><br>
> net (<a href="http://144.82.114.0/23" target="_blank">144.82.114.0/23</a>) or host (193.60.236.98 or 91.233.244.102 or<br>
> 74.207.249.7 or 50.116.35.158 or 23.21.71.54 or 128.61.240.94 or<br>
> 50.62.12.103 or 82.141.230.155 or 194.98.50.137)<br>
><br>
> - which I've used as the -F argument to Snort and which appears to<br>
> work okay but with Suricata I'm definitely seeing hits that do not<br>
> match the above.<br>
><br>
> Is there something wrong with my BPF list or am I missing<br>
> something?<br>
<br>
</div>BPF is not yet supported for af_packet:<br>
<a href="https://redmine.openinfosecfoundation.org/issues/440" target="_blank">https://redmine.openinfosecfoundation.org/issues/440</a><br>
<br>
-- <br>
---------------------------------------------<br>
Victor Julien<br>
<a href="http://www.inliniac.net/" target="_blank">http://www.inliniac.net/</a><br>
PGP: <a href="http://www.inliniac.net/victorjulien.asc" target="_blank">http://www.inliniac.net/victorjulien.asc</a><br>
---------------------------------------------<br>
<br>
<div class="HOEnZb"><div class="h5">
</div></div></blockquote></div><br>Out of curiosity, if you try:<br>suricata -c /etc/suricata/suricata.yaml -i eth6 -F /etc/suricata/bpf<br><br>would you still have the issue?<br clear="all"><br>-- <br><div>Regards,</div>
<div>Peter Manev</div><br>