[Snort-users] filters - FAQ entry?

twig les twigles at ...131...
Tue Jul 29 10:57:13 EDT 2003


This question seems to hit the lists every few weeks/months and
the answer is always the same.  Maybe add to FAQ?

--- "Hutchinson, Andrew" <andrew.hutchinson at ...759...>
wrote:
> If you install tcpdump, then type 'man tcpdump', it will give you a good
> overview.  Also, if you buy Northcutt's book "Network Intrusion
> Detection", it has a nice section reviewing bpf and showing how to do
> some useful logical bitmasking operations to find certain traffic types.
>  
> HTH,
>  
> Andrew
> 
> Andrew Hutchinson - Network Security
> Vanderbilt University Medical Center
> (615) 936-2856
> 
> 
> 	-----Original Message-----
> 	From: Scotts Email [mailto:tech4life2 at ...5068...] 
> 	Sent: Tuesday, July 29, 2003 12:02 PM
> 	To: snort-users at lists.sourceforge.net
> 	Subject: [Snort-users] filters
> 	
> 	
> 	anyone tell me where to find bpf filter options for windows and linux?
> 	 
> 	i want to get the right ones, and know how to use them properly...our class
> 	is starting ids soon using snort..
> 	 
> 	 
> 	thanks,
> 	 
> 	scott
> 
> 


=====
-----------------------------------------------------------
Emo is what happens when the glee club goes punk.       
-----------------------------------------------------------
