[Snort-users] VPN traffic

Erich Meier Erich.Meier at ...99...
Fri Aug 4 04:36:33 EDT 2000


On Thu, Aug 03, 2000 at 12:04:59AM +0200, Erich Meier wrote:
> On Wed, Aug 02, 2000 at 02:28:00PM -0700, Bill Pennington wrote:
> > I would vote for an any option. There are times when I want to watch
> > everything from or to a certain place.

Hmm, the more I think about it...

Wouldn't it be useful to have
  an "ip" protocol: tcp udp icmp igmp? arp? gre?
	(everything with 0x0800, 0x0806 or 0x8035 in the link level header)
  an "any" protocol: _really any_ packet (IPv6, IPX, ...)
	see http://www.isi.edu/in-notes/iana/assignments/ethernet-numbers

Most people mean "ip" when talking about "any". But "any" is useful, too.

Erich




More information about the Snort-users mailing list