[Snort-users] BPF Filters howto

Ashley Thomas athomas at ...5484...
Mon Oct 28 08:24:06 EST 2002


'man tcpdump' gives enough and more info on such filters.
I hope that helps.

ashley

Ben Keepper wrote:

>All,
>
>I am trying to figure out how to use BPF filters to ignore certain
>traffic with Snort.
>
>Other than the Snort manpage, documentation on how to use BPF filters
>seems to be scarce.
>
>
>I see this in the Snort FAQ, but it doesn't seem to be complete.
>
>"Use bpf on the commandline to ignore a host (for example):
>
>       $ snort <commandline options> not host 192.168.0.1"
>
>
>Also I would like to ignore traffic on specific destination port from a
>particular subnet.
>
>Can anybody help with some documentation or a quick howto.
>
>TIA,
>
>Ben
>
>
>
>
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by:ThinkGeek
>Welcome to geek heaven.
>http://thinkgeek.com/sf
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>  
>







More information about the Snort-users mailing list