bro: pcap_complile: parse error
Joey McAlerney
joey at SiliconDefense.com
Tue Oct 5 07:19:15 PDT 1999
Hello,
I am having some trouble tracking down the source of this error. It
occurs when I run Bro 0.6 like so:
bro-pub-0.6% bro -f "myFilter" -i lo mt
bro: pcap_compile: parse error
bro-pub-0.6%
The parse error is coming from libpcap's grammar.c, but the reason for
the parse error is unknown. The contents of "myFilter" is the standard
filter that was described in the README of Bro 06. I have tried many
other simple filters, but none seem to work. Bro will run without the
-f option, but of course, it won't pick anything up. Can anyone explain
what is going on, or suggest a place I could try looking? Thank you
very much for any help.
--
Joey McAlerney
Silicon Defense
http://www.silicondefense.com
More information about the Bro
mailing list