[Snort-users] Snort 1.7 and Berkeley Packet Filters
erickson at ...239...
Wed Jan 24 13:16:21 EST 2001
I have been doing a lot of searching for information on the correct Berkeley Packet Filter syntax that Snort can use. I'm not having much luck. I know how to call certain simple BPF operations, but not exactly what I'm trying to accomplish.
I run Snort 1.7 in the mode:
snort -o -A fast -N -s -c snort.conf
and I would like to know what the correct BPF syntax would be to ignore my home network x.x.0.0/16 going out with a destination of port 80.
I do not want to disable the new Unicode and CGI decoding capabilities, but I get too many messages with my network, such as cache engines as the source address.
Thanks for your help.