[Snort-users] Same source/dest

Erek Adams erek at ...950...
Wed Apr 2 11:05:29 EST 2003


On Wed, 2 Apr 2003, Brei, Matt wrote:

> How do I go about adding a BPF, and what is a BPF as long as I'm asking
> how to add one?  Thank you.

BPF == Berkely Packet Filter.  Libpcap supports the use of the BPF style
of filters to examine or limit traffic.

For example to only look at traffic going to or from host foo:

	'host foo'



More information about the Snort-users mailing list