[Oisf-users] Suricata and BPF filters

Peter Bates peter.bates at ucl.ac.uk
Tue May 29 13:35:20 UTC 2012


Hello all

I'm trying the following with Suricata (cloned from git earlier today)

suricata -c /etc/suricata/suricata.yaml --af-packet=eth6
--runmode=workers -F /etc/suricata/bpf

The contents of the BPF is:

net (144.82.114.0/23) or host (193.60.236.98 or 91.233.244.102 or
74.207.249.7 or 50.116.35.158 or 23.21.71.54 or 128.61.240.94 or
50.62.12.103 or 82.141.230.155 or 194.98.50.137)

- which I've used as the -F argument to Snort and which appears to
work okay but with Suricata I'm definitely seeing hits that do not
match the above.

Is there something wrong with my BPF list or am I missing something?

-- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division	    Internal Ext: 32049
University College London
London WC1E 6BT
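One way to check the symptom described above, added here as an example and not part of Peter's message or of Suricata itself: the filter from the post is re-encoded in Python, and each alert's endpoints are tested against it, so any alert returned is one the BPF should have kept Suricata from ever inspecting. The fast.log line layout and the sample alert lines are assumed and constructed, not taken from the post.

```python
import ipaddress
import re

# The filter from the post, typed in by hand: one "net" CIDR plus a list of
# "host" addresses, all OR-ed together.
BPF_NET = ipaddress.ip_network("144.82.114.0/23")
BPF_HOSTS = {ipaddress.ip_address(h) for h in (
    "193.60.236.98", "91.233.244.102", "74.207.249.7", "50.116.35.158",
    "23.21.71.54", "128.61.240.94", "50.62.12.103", "82.141.230.155",
    "194.98.50.137")}

# Pulls src/dst out of the "{PROTO} src:port -> dst:port" tail of a Suricata
# fast.log line (layout assumed from fast.log; adjust if your build differs).
ENDPOINTS = re.compile(
    r"\{\w+\} (\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):\d+\s*$")

def bpf_matches(src, dst):
    """True if packet src->dst satisfies 'net N or host H1 or host H2 ...'.
    Unqualified 'net'/'host' match when EITHER endpoint satisfies them."""
    for ip in (ipaddress.ip_address(src), ipaddress.ip_address(dst)):
        if ip in BPF_NET or ip in BPF_HOSTS:
            return True
    return False

def alerts_outside_filter(fast_log_lines):
    """Return fast.log lines the BPF should have excluded (or that could not
    be parsed); any hit here means the filter is not limiting what is inspected."""
    outside = []
    for line in fast_log_lines:
        m = ENDPOINTS.search(line)
        if m is None or not bpf_matches(m.group(1), m.group(2)):
            outside.append(line)
    return outside

# Constructed sample alerts, not real log data; only the second lies outside.
SAMPLE_ALERTS = [
    "05/29/2012-13:35:20.000001  [**] [1:1000001:1] TEST in net [**] "
    "[Classification: Misc activity] [Priority: 3] {TCP} 10.1.2.3:44321 -> 144.82.115.7:80",
    "05/29/2012-13:35:21.000002  [**] [1:1000002:1] TEST outside [**] "
    "[Classification: Misc activity] [Priority: 3] {UDP} 10.1.2.3:53011 -> 8.8.8.8:53",
    "05/29/2012-13:35:22.000003  [**] [1:1000003:1] TEST to host [**] "
    "[Classification: Misc activity] [Priority: 3] {TCP} 193.60.236.98:443 -> 10.9.8.7:51000",
]

if __name__ == "__main__":
    for line in alerts_outside_filter(SAMPLE_ALERTS):
        print("NOT covered by BPF:", line)
```

Feed it the real fast.log instead of SAMPLE_ALERTS to see whether the "hits that do not match" really fall outside the expression or whether the expression is matching more than expected.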