[Snort-users] Same source/dest

Brei, Matt mbrei at ...8727...
Wed Apr 2 11:14:19 EST 2003


Will it really make that much difference?  My snort is running on an AMD
K6-2 400MHz with 256MB RAM.  This machine is also acting as a
firewall/router for a cable modem with iptables.  Snort logs to a MySQL
server running on an AMD Athlon 1.1GHz with 512MB of RAM.

-----Original Message-----
From: Erek Adams [mailto:erek at ...950...] 
Sent: Wednesday, April 02, 2003 1:59 PM
To: Brei, Matt
Cc: snort-users
Subject: RE: [Snort-users] Same source/dest

On Wed, 2 Apr 2003, Brei, Matt wrote:

> How do I go about adding a BPF, and what is a BPF as long as I'm asking
> how to add one?  Thank you.

BPF == Berkeley Packet Filter.  Libpcap supports the use of the BPF style
of filters to examine or limit traffic.

For example to only look at traffic going to or from host foo:

	'host foo'


