[Labrea-users] Labrea Capture Network -n SINGLE IP

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

All,

I need assistance. I am trying to start Labrea specifying a capture 
network of a SINGLE IP. Can someone please assist? Labrea doesn't seem 
to want to do it. It will only allow us to specify networks, not /32 or 
-m 255.255.255.255.

I also need to know what the syntax is to specify a bunch of single IP 
addresses. Is it as simple as doing -n 192.168.0.1/32 -n 192.168.02/32 
-n 192.168.0.3/32......

However, the biggest problem right now is Labrea not wanting to capture 
a single IP. If I try: -n 172.27.194.23 -m 255.255.255.254 it works 
fine. But that will grab .22-.23. I just want .23. Please advise.

[root@localhost sbin]# ./labrea -V
LaBrea 2.5-stable-1 lo...@us...
Fri Jul  7 11:12:56 2006  Labrea exiting...

[root@localhost network-scripts]# /aw/sbin/labrea -i eth1 -n 
172.27.194.23/32 -m 255.255.255.255 -z -v

labrea: *** Both the capture subnet address and subnet mask must be 
specified.
Consider using the -n parameter with CIDR notation (ie xx.xx.xx.xx/nn).
Fri Jul  7 11:06:52 2006  User specified capture subnet / mask: 
172.27.194.23
Fri Jul  7 11:06:52 2006  LaBrea will attempt to capture unused IPs.
Fri Jul  7 11:06:52 2006  Full internal BPF filter: arp or (ip and ether 
dst host 00:00:0F:FF:FF:FF)
Fri Jul  7 11:06:52 2006  LaBrea will log to syslog
Fri Jul  7 11:06:52 2006  Logging will be verbose.
labrea: *** Errors in input - exiting.
Fri Jul  7 11:06:52 2006  Initiated on interface: eth1
Fri Jul  7 11:06:52 2006  Host system IP addr: 172.27.194.254, MAC addr: 
00:13:72:f7:ac:ef
labrea: *** Config file /aw/etc/labrea.conf not found
Fri Jul  7 11:06:52 2006  Network number: 172.27.194.23
Fri Jul  7 11:06:52 2006  Netmask: 255.255.255.255
Fri Jul  7 11:06:52 2006  Number of addresses LaBrea will watch for ARPs: 0
Fri Jul  7 11:06:52 2006  Range: 172.27.194.23 - 172.27.194.23
Fri Jul  7 11:06:52 2006  Throttle size set to WIN 10
Fri Jul  7 11:06:52 2006  Rate (-r) set to 3
labrea: *** Errors in initialization ... exiting
Fri Jul  7 11:06:52 2006  Labrea exiting...
Fri Jul  7 11:06:52 2006  0/0 packets (received/dropped) by filter

-- 

Best Regards,

Eric S. Hines, GCIA, CISSP
CEO, President, Chairman
Applied Watch Technologies, LLC

--------------------------------------------------

Eric S. Hines, GCIA, CISSP
CEO, President, Chairman
Applied Watch Technologies, LLC

--------------------------------------------------

Email:   eri...@ap...
Address: 1095 Pingree Road
          Suite 213
          Crystal Lake, IL
          60014
Tel:     (877) 262-7593 ext:327
Local:   (847) 854-5831
Fax:     (847) 854-5106
Web:     http://www.appliedwatch.com

--------------------------------------------------
Security Management for the Open Source Enterprise