[Snort-users] CIDR notation question
radamson at ...2127...
Thu Jul 10 11:45:38 EDT 2003
A couple of us are having a discuss off list. Does anyone know (for a
fact) how snort treats CIDR notation?
var HOME_NET [172.16.0.0/23] implies 512 addresses, one broadcast
address (172.16.1.255), and 172.16.0.255 is a valid device address.
Is there any code that would assume natural subnet masks, or, analyze
packets in such a way as to assume 172.16.0.255 is treated differently?
Or, asking the question slightly different...
is var HOME_NET [172.16.0.0/24,172.16.1.0/24]
treated exactly the same as
when packets are analyzed?
More information about the Snort-users