[Snort-users] BPF Filters howto

Ben Keepper lists at ...3351...
Mon Oct 28 08:09:03 EST 2002


I am trying to figure out how to use BPF filters to ignore certain
traffic with Snort.

Other than the Snort manpage, documentation on how to use BPF filters
seems to be scarce.

I see this in the Snort FAQ, but it doesn't seem to be complete.

"Use bpf on the commandline to ignore a host (for example):

       $ snort <commandline options> not host"

Also I would like to ignore traffic on specific destination port from a
particular subnet.

Can anybody help with some documentation or a quick howto.



More information about the Snort-users mailing list