[Snort-users] WINDUMP Syntax Question

John Bro ironzinciron at ...125...
Thu Oct 31 03:44:01 EST 2002


..I am getting a parsing error.

Conceptually I want to log all traffic EXCEPT:

where the UDP 8th byte = 80(hex)   AND
where the UDP 9th byte = 04(hex)   AND ONLY
when the packets head into the network 10.0.0.16/24

The syntax I am using is:
windump -i3 -n -w c:\rtr1_log\wdump1 "!UDP[8]=0x80 and !UDP[9]=0x04 and net=10.0.0.16/24"

Any pointers?
Kyle
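The rule described in the post, as an added example that is not part of the original message: a small Python model that parses constructed IPv4/UDP packets and applies the intended exclusion (drop a packet only when udp[8] is 0x80 AND udp[9] is 0x04 AND the destination falls inside 10.0.0.16/24; log everything else). It follows tcpdump/WinDump indexing, where udp[N] is byte N counted from the start of the UDP header, so udp[8] is the first payload byte, and it mirrors the BPF behaviour that an offset beyond the packet's end simply does not match. The helper names, the sample packets and the BPF_EXPRESSION string are my own assumptions, not the poster's code; 10.0.0.16/24 is normalised to 10.0.0.0/24 because libpcap rejects a net whose host bits are set.

```python
"""Added example: evaluate the poster's intended capture rule over
constructed UDP packets. Not code from the original post."""
import ipaddress
import struct

# Network from the post; strict=False normalises 10.0.0.16/24 to 10.0.0.0/24
# (libpcap refuses "net 10.0.0.16/24" because host bits are set).
TARGET_NET = ipaddress.ip_network("10.0.0.16/24", strict=False)

# Assumed equivalent tcpdump/WinDump filter: the negation wraps the whole
# conjunction, which is what "log everything EXCEPT ..." requires.
BPF_EXPRESSION = "not (udp[8] = 0x80 and udp[9] = 0x04 and dst net %s)" % TARGET_NET


def build_ipv4_udp(src, dst, payload):
    """Construct a minimal IPv4 + UDP packet (no link-layer header) for testing."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", 1234, 53, udp_len, 0) + payload  # sport, dport, len, csum
    total = 20 + len(udp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + udp


def parse_ipv4_udp(pkt):
    """Return (dst_ip, udp_bytes) for an IPv4/UDP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 17 or len(pkt) < ihl + 8:      # protocol 17 = UDP
        return None
    dst = ipaddress.ip_address(bytes(pkt[16:20]))
    return dst, pkt[ihl:]


def matches_exclusion(pkt):
    """True when all three conditions from the post hold for this packet."""
    parsed = parse_ipv4_udp(pkt)
    if parsed is None:
        return False
    dst, udp = parsed
    if len(udp) < 10:
        return False   # udp[9] past the end of the packet: BPF yields no match
    return udp[8] == 0x80 and udp[9] == 0x04 and dst in TARGET_NET


def should_log(pkt):
    """Log everything except packets that satisfy the exclusion."""
    return not matches_exclusion(pkt)


if __name__ == "__main__":
    print(BPF_EXPRESSION)
    sample = build_ipv4_udp("192.168.1.1", "10.0.0.77", b"\x80\x04")
    print("log?", should_log(sample))
```

The point of the model is the bracketing: negating each comparison separately, as in the posted expression, keeps a packet only when neither byte matches, which is a much narrower set than "everything except the packets where both bytes match and the destination is in that net".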









