[Snort-users] Using BPF Filters for GRE, OSPF, BGP, IGMP

Frank Knobbe frank at ...9761...
Sun Apr 4 21:30:01 EDT 2004


On Sun, 2004-04-04 at 20:21, Aaron wrote:
> I know how to specify networks and hosts in my BPF filter file, though 
> am not sure how to prevent snort from ever seeing GRE, OSPF, IGMP, 
> IPSec traffic, etc...
> 
> Does anyone know how?


man tcpdump

Says right there...  ip and not proto 47  (for GRE for example). 50 and
51 for IPSec. See /etc/services for the rest. 

Regards,
Frank

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040404/75c2fbfa/attachment.sig>


More information about the Snort-users mailing list