[Snort-users] BPF Filters howto

Ben Keepper lists at ...3351...
Mon Oct 28 08:09:03 EST 2002


All,

I am trying to figure out how to use BPF filters to ignore certain
traffic with Snort.

Other than the Snort manpage, documentation on how to use BPF filters
seems to be scarce.


I see this in the Snort FAQ, but it doesn't seem to be complete.

"Use bpf on the commandline to ignore a host (for example):

       $ snort <commandline options> not host 192.168.0.1"


Also, I would like to ignore traffic on a specific destination port from a
particular subnet.

Can anybody help with some documentation or a quick howto?

TIA,

Ben
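
The kind of filter asked about above (ignore traffic from a subnet to a destination port), as an added example that is not part of the original post or of the Snort FAQ. The function name `bpf_exclude`, the file name `ignore.bpf` and the subnets and ports are assumptions made for illustration; the filter primitives (`src net`, `dst port`, `not`, `and`) are standard libpcap syntax, and `-F` is Snort's option for reading a BPF filter from a file.

```shell
#!/bin/sh
# Build a BPF expression that tells Snort to ignore traffic coming from a
# subnet and going to a destination port. All values below are constructed.
#
# Usage (hypothetical file name):
#   bpf_exclude 192.168.5.0/24:514 10.0.0.0/8:161 > ignore.bpf
#   snort <commandline options> -F ignore.bpf
# Reading the filter from a file avoids shell quoting problems with the
# parentheses. libpcap rejects a network whose host bits are not zero
# (write 192.168.5.0/24, not 192.168.5.7/24).

# bpf_exclude NET/LEN:PORT [NET/LEN:PORT ...]
bpf_exclude() {
    expr_out=""
    for pair in "$@"; do
        net=${pair%:*}      # text before the last colon
        port=${pair##*:}    # text after the last colon
        # Allow only digits, dots and one slash in the subnet, so no shell
        # or filter metacharacters can reach the expression.
        case $net in
            *[!0-9./]*|""|*/*/*) echo "bad subnet: $net" >&2; return 1 ;;
            */*) ;;
            *) echo "subnet needs a /prefix: $net" >&2; return 1 ;;
        esac
        # Port must be 1 to 5 digits and within 1..65535.
        case $port in
            *[!0-9]*|""|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        # Each exclusion is negated as a unit; "dst port" matches TCP and UDP.
        clause="not (src net $net and dst port $port)"
        if [ -z "$expr_out" ]; then
            expr_out=$clause
        else
            # Chaining with "and" keeps a packet only if it matches
            # none of the exclusions.
            expr_out="$expr_out and $clause"
        fi
    done
    if [ -z "$expr_out" ]; then
        echo "usage: bpf_exclude NET/LEN:PORT ..." >&2; return 1
    fi
    printf '%s\n' "$expr_out"
}
```

Traffic dropped by the filter never reaches Snort's detection engine, so keep each exclusion as narrow as the subnet and port allow.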







