[Snort-users] BPF Filters?

John Sage jsage at ...2022...
Sun Sep 16 09:41:19 EDT 2001

BPF = BSD Packet Filter

(BSD = Berkeley Software Distribution)

The first widely available release of TCP/IP was the 4.2BSD release in 
1983, from the University of California, Berkeley.

BPF offers a means of capturing and filtering packets from a network.

tcpdump is a UNIX/Linux program used to examine packets via BPF 
commands; internally snort uses BPF syntax to examine packets via the 
-r switch (at least that's how I use it...)

- John

John Sage
FinchHaven, Vashon Island, WA, USA
mailto:jsage at ...2022...
"The web is so, like, five minutes ago..."

Jason Withrow wrote:

> Can someone explain to me what a BPF Filter is?
> Thanks,
> - J
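A worked example of what a BPF filter expression actually does, added here as an illustration and not part of the post above. It constructs a few Ethernet/IPv4 frames (addresses and ports are made-up sample data), evaluates the expression `tcp and dst port 80 and not src net 10.0.0.0/8` the way libpcap's compiled filter does (fixed byte-offset tests on the raw frame, which is what `tcpdump -d '<expr>'` prints), and writes the same frames to a pcap file so the result can be cross-checked with tcpdump or snort reading that file. The file name bpf_demo.pcap and the function names are this example's own choices.

```python
"""Added example (not from the original post): evaluate one BPF filter expression
by hand, the way libpcap's compiled program does, over constructed sample frames.
"""
import ipaddress
import struct

# The expression we are modelling; identical syntax for tcpdump and snort.
FILTER_EXPR = "tcp and dst port 80 and not src net 10.0.0.0/8"


def build_frame(src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Constructed Ethernet II + IPv4 (no options) + TCP or UDP frame.
    Checksums are left zero; BPF never looks at them."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    if proto == 6:    # TCP: 20-byte header, SYN flag set
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    elif proto == 17:  # UDP: 8-byte header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:
        l4 = b""
    total_len = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip + l4 + payload


def bpf_match(frame):
    """Evaluate FILTER_EXPR as the byte-offset tests libpcap compiles it to.
    Returns True when the frame passes the filter."""
    # 'tcp' implies 'ether proto \ip': EtherType at offset 12 must be 0x0800
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False
    # 'tcp': IPv4 protocol byte sits at offset 23 (14 Ethernet + 9)
    if frame[23] != 6:
        return False
    # 'not src net 10.0.0.0/8': source address at offset 26, first octet != 10
    if frame[26] == 10:
        return False
    # libpcap refuses to test ports on a non-first IP fragment (frag offset != 0)
    if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:
        return False
    # 'dst port 80': TCP header starts after the IP header (IHL * 4 bytes),
    # destination port is the second 16-bit word of the TCP header
    ihl = (frame[14] & 0x0F) * 4
    dport = struct.unpack("!H", frame[14 + ihl + 2:14 + ihl + 4])[0]
    return dport == 80


def write_pcap(path, frames):
    """Write frames in classic pcap format (magic 0xa1b2c3d4, link type 1 = Ethernet)."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for i, fr in enumerate(frames):
            f.write(struct.pack("<IIII", 1000000000 + i, 0, len(fr), len(fr)))
            f.write(fr)


# Constructed sample traffic: documentation addresses, nothing captured from a real network.
SAMPLE_FRAMES = {
    "http_from_internet": build_frame("198.51.100.7", "192.0.2.10", 6, 40000, 80),  # passes
    "http_from_10net":    build_frame("10.1.2.3", "192.0.2.10", 6, 40001, 80),      # 'not src net'
    "ssh":                build_frame("198.51.100.7", "192.0.2.10", 6, 40002, 22),  # wrong port
    "dns_udp":            build_frame("198.51.100.7", "192.0.2.53", 17, 40003, 80), # udp, not tcp
}


def apply_filter(frames):
    """Map each sample name to whether FILTER_EXPR accepts it."""
    return {name: bpf_match(fr) for name, fr in frames.items()}


def main():
    write_pcap("bpf_demo.pcap", list(SAMPLE_FRAMES.values()))
    for name, ok in apply_filter(SAMPLE_FRAMES).items():
        print(f"{name:20s} {'MATCH' if ok else 'drop'}")
    print(f"cross-check: tcpdump -nn -r bpf_demo.pcap '{FILTER_EXPR}'")
    print(f"          or: snort -r bpf_demo.pcap '{FILTER_EXPR}'")


if __name__ == "__main__":
    main()
```

Running it writes bpf_demo.pcap and reports one matching frame out of four. Reading that file with `tcpdump -nn -r bpf_demo.pcap 'tcp and dst port 80 and not src net 10.0.0.0/8'` should print exactly the 198.51.100.7 -> 192.0.2.10:80 SYN, and `tcpdump -d` on the same expression shows the same offset checks (EtherType at 12, protocol at 23, source address at 26, fragment bits at 20, port via IHL) that bpf_match() performs by hand.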
