[Snort-users] VPN traffic

Bill Pennington billp at ...60...
Fri Aug 4 10:54:06 EDT 2000


Yes, you are correct. I have much more use for an "any ip packet" option.
I don't really care too much about non-IP-based packets.

Erich Meier wrote:
> 
> On Thu, Aug 03, 2000 at 12:04:59AM +0200, Erich Meier wrote:
> > On Wed, Aug 02, 2000 at 02:28:00PM -0700, Bill Pennington wrote:
> > > I would vote for an any option. There are times when I want to watch
> > > everything from or to a certain place.
> 
> Hmm, the more I think about it...
> 
> Wouldn't it be useful to have
>   an "ip" protocol: tcp udp icmp igmp? arp? gre?
>         (everything with 0x0800, 0x0806 or 0x8035 in the link level header)
>   an "any" protocol: _really any_ packet (IPv6, IPX, ...)
>         see http://www.isi.edu/in-notes/iana/assignments/ethernet-numbers
> 
> Most people mean "ip" when talking about "any". But "any" is useful, too.
> 
> Erich

-- 


Bill Pennington
Senior IT Manager
Rocketcash
billp at ...60...
http://www.rocketcash.com
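
The "ip" versus "any" split proposed in the quoted message, as an added sketch (not Snort code and not written by either poster). The function names, the 802.1Q look-through and the sample headers are assumptions made for illustration; the three EtherType values are the ones listed in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* EtherTypes the thread lists for the proposed "ip" keyword. */
#define ETH_IP   0x0800
#define ETH_ARP  0x0806
#define ETH_RARP 0x8035
#define ETH_VLAN 0x8100 /* 802.1Q tag; looking through it is an assumption */

enum proto_class { CLASS_TRUNCATED = -1, CLASS_ANY_ONLY = 0, CLASS_IP = 1 };

/* Effective EtherType of a frame, or -1 if the header is cut short.
 * Values below 0x0600 are 802.3 length fields and are returned unchanged. */
static int effective_ethertype(const uint8_t *f, size_t len)
{
    size_t off = 12; /* skip destination and source MAC */
    for (;;) {
        if (len < off + 2) return -1;
        int t = (f[off] << 8) | f[off + 1];
        if (t != ETH_VLAN) return t;
        off += 4; /* skip TPID and TCI, read the inner type */
    }
}

/* CLASS_IP: both an "ip" and an "any" rule would see the frame.
 * CLASS_ANY_ONLY: only an "any" rule would (IPv6, IPX, ...). */
enum proto_class classify_frame(const uint8_t *f, size_t len)
{
    int t = effective_ethertype(f, len);
    if (t < 0) return CLASS_TRUNCATED;
    if (t == ETH_IP || t == ETH_ARP || t == ETH_RARP) return CLASS_IP;
    return CLASS_ANY_ONLY;
}

/* Constructed sample headers: placeholder MACs followed by the type field. */
static const uint8_t ipv4_hdr[]     = {0,1,2,3,4,5, 6,7,8,9,10,11, 0x08,0x00};
static const uint8_t ipv6_hdr[]     = {0,1,2,3,4,5, 6,7,8,9,10,11, 0x86,0xdd};
static const uint8_t vlan_arp_hdr[] = {0,1,2,3,4,5, 6,7,8,9,10,11, 0x81,0x00, 0x00,0x0a, 0x08,0x06};
static const uint8_t ipx_raw_hdr[]  = {0,1,2,3,4,5, 6,7,8,9,10,11, 0x00,0x30, 0xff,0xff};

int main(void)
{
    printf("ipv4=%d ipv6=%d vlan_arp=%d ipx_raw=%d\n",
           classify_frame(ipv4_hdr, sizeof ipv4_hdr),
           classify_frame(ipv6_hdr, sizeof ipv6_hdr),
           classify_frame(vlan_arp_hdr, sizeof vlan_arp_hdr),
           classify_frame(ipx_raw_hdr, sizeof ipx_raw_hdr));
    return 0;
}
```

The raw 802.3 IPX header shows why "any" cannot be defined by EtherType alone: its type field is a length, so such frames only match a rule that really means every packet.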