[Snort-users] Using BPF Filters for GRE, OSPF, BGP, IGMP

Aaron snort at ...10572...
Sun Apr 4 22:43:02 EDT 2004

My bad.

I did not realize that could also be used in the bpf filter snort 

I should have tried it first before asking.  

Thanks Frank. :-)

On Sun, 04 Apr 2004 23:28:50 -0500
  Frank Knobbe <frank at ...9761...> wrote:
>On Sun, 2004-04-04 at 20:21, Aaron wrote:
>> I know how to specify networks and hosts in my BPF filter file, 
>> am not sure how to prevent snort from ever seeing GRE, OSPF, IGMP, 
>> IPSec traffic, etc...
>> Does anyone know how?
>man tcpdump
>Says right there...  ip and not proto 47  (for GRE for example). 50 
>51 for IPSec. See /etc/services for the rest. 

More information about the Snort-users mailing list