[Snort-users] Same source/dest
mbrei at ...8727...
Wed Apr 2 11:14:19 EST 2003
Will it really make that much difference? My snort is running on an AMD
K6-2 400MHz with 256MB ram. This machine is also acting as a
firewall/router for a cable modem with iptables. Snort logs to a MySQL
server running on an AMD Athlon 1.1GHz with 512MB of RAM.
From: Erek Adams [mailto:erek at ...950...]
Sent: Wednesday, April 02, 2003 1:59 PM
To: Brei, Matt
Subject: RE: [Snort-users] Same source/dest
On Wed, 2 Apr 2003, Brei, Matt wrote:
> How do I go about adding a BPF, and what is a BPF as long as I'm
> how to add one? Thank you.
BPF == Berkely Packet Filter. Libpcap supports the use of the BPF style
of filters to examine or limit traffic.
For example to only look at traffic going to or from host foo:
More information about the Snort-users