[Snort-users] BPF Filters?

John Sage jsage at ...2022...
Sun Sep 16 09:41:19 EDT 2001


BPF = BSD Packet Filter

(BSD = Berkeley Software Distribution)

The first widely available release of TCP/IP was the 4.2BSD release in 
1983, from the University of California, Berkeley.

BPF offers a means of capturing and filtering packets from a network 
interface.

tcpdump is a UNIX/Linux program used to examine packets via BPF 
commands; internally snort uses BPF syntax to examine packets via the 
-r switch (at least that's how I use it...)

- John

-- 
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsage at ...2022...
"The web is so, like, five minutes ago..."


Jason Withrow wrote:

> Can someone explain to me what a BPF Filter is?
> 
> Thanks,
> 
> - J
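As an added illustration of the filter syntax John describes (this is not code from the post, from tcpdump or from snort), the Python below parses a subset of tcpdump's BPF filter expressions (`tcp`/`udp`/`icmp`, `[src|dst] host`, `[src|dst] port`, `and`/`or`/`not`, parentheses) and applies them to a few constructed IPv4 packets. Real BPF is compiled into bytecode and run in the kernel as packets are captured, so this user-space model only shows what a given expression selects; the packet samples, addresses and helper names are all assumptions made for the example.

```python
"""Added illustration (not code from the list post, tcpdump or snort): a parser and
evaluator for a subset of tcpdump's BPF filter syntax.  Real BPF is compiled to
bytecode and run in the kernel; this user-space model only shows what an expression selects."""
import ipaddress
import struct

PROTOS = {"icmp": 1, "tcp": 6, "udp": 17}

def make_ipv4(proto, src, dst, sport=None, dport=None):
    """Constructed sample packet: 20-byte IPv4 header plus an 8-byte L4 stub."""
    l4 = struct.pack("!HHI", sport, dport, 0) if sport is not None else b"\x08\x00\x00\x00\x00\x01\x00\x01"
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + l4

def parse_ipv4(raw):
    """Decode just the fields the filter primitives compare against."""
    ihl = (raw[0] & 0x0F) * 4
    pkt = {"proto": raw[9], "src": str(ipaddress.IPv4Address(raw[12:16])),
           "dst": str(ipaddress.IPv4Address(raw[16:20])), "sport": None, "dport": None}
    if pkt["proto"] in (PROTOS["tcp"], PROTOS["udp"]) and len(raw) >= ihl + 4:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", raw[ihl:ihl + 4])
    return pkt

class FilterParser:
    """Recursive descent over the precedence ladder or < and < not < primitive."""
    def __init__(self, expr):
        self.toks = expr.replace("(", " ( ").replace(")", " ) ").split()
        self.pos = 0
    def peek(self):
        return self.toks[self.pos] if self.pos < len(self.toks) else None
    def take(self):
        tok = self.peek()
        self.pos += 1
        return tok
    def expr_or(self):
        node = self.expr_and()
        while self.peek() in ("or", "||"):
            self.take()
            node = ("or", node, self.expr_and())
        return node
    def expr_and(self):
        node = self.expr_not()
        while self.peek() in ("and", "&&"):
            self.take()
            node = ("and", node, self.expr_not())
        return node
    def expr_not(self):
        if self.peek() in ("not", "!"):
            self.take()
            return ("not", self.expr_not())
        return self.primitive()
    def primitive(self):
        tok = self.take()
        if tok == "(":
            node = self.expr_or()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return node
        if tok in PROTOS:
            return ("proto", PROTOS[tok])
        # an optional src/dst qualifier narrows which address or port is compared
        direction, tok = (tok, self.take()) if tok in ("src", "dst") else ("any", tok)
        if tok == "host":
            return ("host", direction, str(ipaddress.IPv4Address(self.take())))
        if tok == "port":
            return ("port", direction, int(self.take()))
        raise ValueError(f"unsupported primitive {tok!r}")

def matches(node, pkt):
    """Evaluate a parsed filter tree against one decoded packet."""
    kind = node[0]
    if kind == "not":
        return not matches(node[1], pkt)
    if kind == "or":
        return matches(node[1], pkt) or matches(node[2], pkt)
    if kind == "and":
        return matches(node[1], pkt) and matches(node[2], pkt)
    if kind == "proto":
        return pkt["proto"] == node[1]
    _, direction, value = node
    src_key, dst_key = ("src", "dst") if kind == "host" else ("sport", "dport")
    fields = {"src": [pkt[src_key]], "dst": [pkt[dst_key]],
              "any": [pkt[src_key], pkt[dst_key]]}[direction]
    return value in fields

def bpf_filter(expr, packets):
    """Return the decoded packets that the filter expression selects."""
    parser = FilterParser(expr)
    tree = parser.expr_or()
    if parser.peek() is not None:           # leftover tokens mean a malformed expression
        raise ValueError(f"unexpected token {parser.peek()!r}")
    return [pkt for pkt in map(parse_ipv4, packets) if matches(tree, pkt)]

# Constructed traffic: an HTTP request/reply pair, a DNS query and an ICMP echo.
SAMPLE_PACKETS = [
    make_ipv4(6, "10.0.0.5", "192.0.2.10", 40001, 80),
    make_ipv4(6, "192.0.2.10", "10.0.0.5", 80, 40001),
    make_ipv4(17, "10.0.0.5", "192.0.2.53", 5353, 53),
    make_ipv4(1, "10.0.0.9", "192.0.2.10"),
]

if __name__ == "__main__":
    for expr in ("tcp and port 80", "src host 10.0.0.5 and not udp", "not (tcp or udp)"):
        print(f"{expr!r:35} -> {[(p['src'], p['dst'], p['dport']) for p in bpf_filter(expr, SAMPLE_PACKETS)]}")
```

The same expression strings are what tcpdump accepts on its command line, for instance `tcpdump -r capture.pcap 'tcp and port 80'` to replay a saved capture through a filter. Note that an unknown primitive raises rather than matching nothing or everything: a mistyped filter that silently selects the wrong traffic is a common way to miss events in a capture.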