[Oisf-users] Suricata and BPF filters
Victor Julien
victor at inliniac.net
Tue May 29 13:42:43 UTC 2012
On 05/29/2012 03:35 PM, Peter Bates wrote:
>
> Hello all
>
> I'm trying the following with Suricata (cloned from git earlier
> today)
>
> suricata -c /etc/suricata/suricata.yaml --af-packet=eth6
> --runmode=workers -F /etc/suricata/bpf
>
> The contents of the BPF is:
>
> net (144.82.114.0/23) or host (193.60.236.98 or 91.233.244.102 or
> 74.207.249.7 or 50.116.35.158 or 23.21.71.54 or 128.61.240.94 or
> 50.62.12.103 or 82.141.230.155 or 194.98.50.137)
>
> - which I've used as the -F argument to Snort and which appears to
> work okay but with Suricata I'm definitely seeing hits that do not
> match the above.
>
> Is there something wrong with my BPF list or am I missing
> something?
BPF is not yet supported for af_packet:
https://redmine.openinfosecfoundation.org/issues/440
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
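Since the answer is that the filter is silently ignored rather than wrong, a way to confirm this from the alerts themselves is to evaluate the posted `net`/`host` expression against the endpoints of each alert: any alert whose source and destination both fall outside the filter could not have passed a working capture filter. This is an added script, not part of the thread or of Suricata; it handles only the `net (...) or host (... or ...)` subset of BPF syntax used in the post, and the alert endpoints below are constructed sample values.

```python
import ipaddress
import re

# The filter from the post, reused here as test input
BPF_FILTER = ("net (144.82.114.0/23) or host (193.60.236.98 or 91.233.244.102 or "
              "74.207.249.7 or 50.116.35.158 or 23.21.71.54 or 128.61.240.94 or "
              "50.62.12.103 or 82.141.230.155 or 194.98.50.137)")


def parse_filter(expr):
    """Parse the 'net (...) or host (... or ...)' subset of BPF into a list of
    ip_network objects. Hosts become /32 networks. Only the syntax used in the
    post is supported (no src/dst qualifiers, no 'and', no 'not')."""
    nets = []
    for kind, body in re.findall(r'\b(net|host)\s*\(([^)]*)\)', expr):
        for token in re.split(r'\s+or\s+', body.strip()):
            if kind == 'net':
                nets.append(ipaddress.ip_network(token, strict=False))
            else:
                nets.append(ipaddress.ip_network(token + '/32'))
    return nets


def matches(nets, src, dst):
    """True if either endpoint lies inside any network. An unqualified BPF
    'host'/'net' primitive matches the address in either direction."""
    return any(ipaddress.ip_address(addr) in net
               for net in nets for addr in (src, dst))


def unexpected_hits(nets, alerts):
    """Return the alerts that a working capture filter would have excluded.
    Any non-empty result means the filter was not applied at capture time."""
    return [a for a in alerts if not matches(nets, a['src'], a['dst'])]


# Constructed sample alert endpoints, as Suricata would report them
SAMPLE_ALERTS = [
    {'src': '144.82.115.7', 'dst': '8.8.8.8'},     # inside the /23: expected
    {'src': '10.0.0.5', 'dst': '193.60.236.98'},   # to a listed host: expected
    {'src': '10.0.0.5', 'dst': '203.0.113.9'},     # neither side listed: unexpected
]

if __name__ == '__main__':
    for hit in unexpected_hits(parse_filter(BPF_FILTER), SAMPLE_ALERTS):
        print('filter not applied:', hit['src'], '->', hit['dst'])
```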