[Snort-users] Snort 1.7 and Berkeley Packet Filters
cpw at ...440...
Wed Jan 24 14:33:44 EST 2001
On Wed, Jan 24, 2001 at 10:16:21AM -0800, Brent Erickson wrote:
> Hello all,
> I have been doing a lot of searching for information on the correct Berkeley Packet Filtering syntax that Snort can use. I'm not having much luck. I know how to call certain simple BPF operations, but not exactly what I'm trying to accomplish.
> I run Snort 1.7 in the mode:
> snort -o -A fast -N -s -c snort.conf
> and I would like to know what the correct BPF syntax would be to ignore my home network x.x.0.0/16 going out with a destination of port 80.
ip and not '(dst net 18.104.22.168/16 and dst port 80)'
> I do not want to disable the new unicode and cgi decoding capabilities but I get too many messages with my network, such as cache engines as the source address.
> Thanks for your help.
> Brent Erickson
Phil Wood, cpw at ...440...
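
An added example, not part of the original thread: a small Python model of which flows still reach Snort under the `dst net` form of the filter shown above and under a `src net` variant, which is the BPF direction qualifier for traffic leaving a network. The network 10.1.0.0/16 (standing in for the elided x.x.0.0/16), the function names and every sample flow are constructed assumptions.

```python
# Added example: models which packets a BPF pre-filter lets Snort see.
# Packets rejected by the filter never reach Snort's decoders or rules.
# 10.1.0.0/16 and all flows below are constructed placeholders.
from ipaddress import ip_address, ip_network

HOME_NET = ip_network("10.1.0.0/16")  # stands in for the poster's x.x.0.0/16


def passes_dst_form(src, dst, dport, net=HOME_NET):
    """Models: ip and not (dst net NET and dst port 80)"""
    return not (ip_address(dst) in net and dport == 80)


def passes_src_form(src, dst, dport, net=HOME_NET):
    """Models: ip and not (src net NET and dst port 80)"""
    return not (ip_address(src) in net and dport == 80)


# (label, source, destination, destination port), constructed sample flows.
# Protocol is not modelled; "dst port" in BPF covers TCP and UDP alike.
FLOWS = [
    ("cache engine -> outside web", "10.1.5.20", "192.0.2.10", 80),
    ("outside -> internal web server", "198.51.100.7", "10.1.9.80", 80),
    ("internal -> internal web", "10.1.5.20", "10.1.9.80", 80),
    ("web reply to cache engine", "192.0.2.10", "10.1.5.20", 34567),
    ("internal -> outside ssh", "10.1.5.20", "192.0.2.10", 22),
]


def visible(pred):
    """Labels of the flows that reach Snort under the given predicate."""
    return [label for label, src, dst, dport in FLOWS if pred(src, dst, dport)]


if __name__ == "__main__":
    for name, pred in (("dst net form", passes_dst_form),
                       ("src net form", passes_src_form)):
        print(name)
        for label in visible(pred):
            print("  seen by Snort:", label)
```

In this model the `dst net` form hides inbound requests to internal web servers while still passing the cache engines' outbound requests; the `src net` form does the reverse.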