[Oisf-users] Suricata 4.1-beta1 and bpf filters
Peter Manev
petermanev at gmail.com
Tue Jun 19 07:08:16 UTC 2018
> On 19 Jun 2018, at 09:52, C. L. Martinez <carlopmart at gmail.com> wrote:
>
> Hi all,
>
> I have problems with Suricata 4.1-beta1 and bpf filters. As an example:
>
> (ip and (src host (192.168.5.1 or 192.168.5.30 or 192.168.5.31 or 192.168.5 250 or 192.168.5 251 or 192.168.5.252 or 192.168.5.253 or 192.168.5.250 or 192.168.5.251 or 192.168.5.252 or 192.168.5.253) and
> (tcp dst port (22 or 25 or 80 or 443 or 445 or 8009 or 8080 or 8081 or 8082 or 8083 or 8084 or 8085 or 8086 or 8087 or 8088 or 8139 or 9443))) and
> not host ( 192.168.6.35 or 192.168.6.36))
>
> This filter works without problems in tcpdump, but suricata doesn't process it ... Suricata command line is:
>
> suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid --pfring=eno2 -vvv -k none -F /etc/suricata/filter_policy.conf
Any warnings/errs in the start command output ?
>
> Any idea?
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
More information about the Oisf-users
mailing list