[Snort-users] WINDUMP Syntax Question

John Bro ironzinciron at ...125...
Thu Oct 31 03:44:01 EST 2002

I am getting a parsing error.

Conceptually I want to log all traffic EXCEPT:

where the UDP 8th byte = 80(hex)   AND
where the UDP 9th byte = 04(hex)   AND ONLY
when the packets head into the network

The syntax I am using is:
windump -i3 -n -w c:\rtr1_log\wdump1 "!UDP[8]=0x80 and !UDP[9]=0x04 and 

Any pointers?
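Added example, not part of the original post or of WinDump itself: a Python rendering of the pcap/BPF filter the post is trying to express, run over a few constructed IPv4/UDP and TCP packets. Two things about the posted filter are worth checking before the syntax error: pcap keywords are lowercase (`udp`, not `UDP`), and "log everything except A and B and C" is `not (A and B and C)`, whereas `!A and !B and ...` negates each test separately and keeps a different set of packets. `udp[8]` in pcap is offset 8 from the start of the UDP header, which is the first payload byte since the header is 8 bytes long. The third term of the posted filter is cut off; the example assumes it was a `dst net` test for the inside network, and the network 192.168.1.0/24 and all packet contents below are made up for the demonstration.

```python
import struct
import ipaddress

# Assumed "inside" network; the post does not give one.
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")

# The filter the post describes in words, with lowercase keywords and the
# three conditions negated as a group. The dst net term is an assumption.
FILTER = f"not (udp[8] = 0x80 and udp[9] = 0x04 and dst net {INSIDE_NET})"


def build_udp_packet(src, dst, payload):
    """Constructed IPv4/UDP packet (no link-layer header), example data only."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", 40000, 53, udp_len, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + udp


def build_tcp_packet(src, dst):
    """Constructed IPv4/TCP SYN (no link-layer header), example data only."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + tcp


def _split(packet):
    """Return (protocol, destination address, transport-layer bytes)."""
    ihl = (packet[0] & 0x0F) * 4
    return packet[9], ipaddress.ip_address(packet[16:20]), packet[ihl:]


def should_log(packet):
    """Python rendering of FILTER: True when the packet should be written.

    For a non-UDP packet, or one too short for the byte tests, BPF evaluates
    the udp[] comparisons as false, so the whole 'not (...)' is true and the
    packet is kept, which is what "log all traffic except" asks for.
    """
    proto, dst, transport = _split(packet)
    if proto != 17 or len(transport) < 10:
        return True
    # transport[8] and transport[9] are the first two UDP payload bytes.
    matches = (transport[8] == 0x80 and transport[9] == 0x04
               and dst in INSIDE_NET)
    return not matches


def posted_should_log(packet):
    """The two visible terms of the posted filter: '!udp[8]=0x80 and !udp[9]=0x04'.

    Negating each byte test on its own drops any UDP packet where *either*
    byte matches, regardless of direction, which is not the stated intent.
    """
    proto, _dst, transport = _split(packet)
    if proto != 17 or len(transport) < 10:
        return True
    return transport[8] != 0x80 and transport[9] != 0x04


# Constructed sample traffic.
SAMPLES = {
    # Inbound UDP with both marker bytes: the one case to exclude.
    "inbound_match": build_udp_packet("10.0.0.5", "192.168.1.10",
                                      b"\x80\x04\x00\x01"),
    # Inbound UDP where only the first byte matches: should be logged.
    "inbound_partial": build_udp_packet("10.0.0.5", "192.168.1.10",
                                        b"\x80\x00\x00\x01"),
    # Same marker bytes leaving the network: should be logged.
    "outbound_match": build_udp_packet("192.168.1.10", "10.0.0.5",
                                       b"\x80\x04"),
    # Non-UDP traffic: always logged.
    "inbound_tcp": build_tcp_packet("10.0.0.5", "192.168.1.10"),
}


def compare_filters():
    """Side-by-side result of the intended filter and the posted one."""
    return {name: (should_log(pkt), posted_should_log(pkt))
            for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    print(FILTER)
    for name, (intended, posted) in compare_filters().items():
        print(f"{name:16} intended={intended!s:5} posted={posted}")
```

The `inbound_partial` and `outbound_match` rows are where the two filters disagree: the grouped negation keeps both, the per-term negation drops both. Quote the whole filter to the shell as one argument, as the post already does, so `(`, `)` and `!` are not interpreted by the command interpreter.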

