[Snort-users] Using BPF Filters for GRE, OSPF, BGP, IGMP

Aaron snort at ...10572...
Sun Apr 4 22:43:02 EDT 2004


My bad.

I did not realize that could also be used in the bpf filter snort uses.

I should have tried it first before asking.  


Thanks Frank. :-)



On Sun, 04 Apr 2004 23:28:50 -0500
  Frank Knobbe <frank at ...9761...> wrote:
>On Sun, 2004-04-04 at 20:21, Aaron wrote:
>> I know how to specify networks and hosts in my BPF filter file, though
>> am not sure how to prevent snort from ever seeing GRE, OSPF, IGMP,
>> IPSec traffic, etc...
>> 
>> Does anyone know how?
>
>
>man tcpdump
>
>Says right there...  ip and not proto 47  (for GRE for example). 50 and
>51 for IPSec. See /etc/services for the rest.
>
>Regards,
>Frank
>
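
An added example, not part of the original thread: a shell snippet that builds the complete exclusion filter for the protocols named in the subject line. The protocol numbers are the IANA assignments (IGMP 2, GRE 47, ESP 50, AH 51, OSPF 89); BGP has no IP protocol number of its own and is matched as TCP port 179. The file path and interface in the comments are assumptions.

```shell
#!/bin/sh
# Added example: generate a BPF expression that hides routing, tunnel and
# IPSec traffic from Snort.

# IANA IP protocol numbers: IGMP=2, GRE=47, ESP=50, AH=51, OSPF=89
EXCLUDE_PROTOS="2 47 50 51 89"
# BGP rides on TCP, so it has to be excluded by port, not by protocol number.
EXCLUDE_TCP_PORTS="179"

build_filter() {
    terms=""
    for p in $EXCLUDE_PROTOS; do
        terms="${terms:+$terms or }ip proto $p"
    done
    for port in $EXCLUDE_TCP_PORTS; do
        terms="${terms:+$terms or }tcp port $port"
    done
    # The leading "ip" keeps IPv4 only; the negated group drops every
    # listed protocol in a single expression.
    printf 'ip and not (%s)\n' "$terms"
}

# Print the expression. Typical use (path and interface are assumptions):
#   build_filter > /etc/snort/bpf.filter
#   tcpdump -d -F /etc/snort/bpf.filter    # compile-check the expression
#   snort -c /etc/snort/snort.conf -i eth0 -F /etc/snort/bpf.filter
build_filter
```

Anything excluded here is never inspected, including whatever is carried inside the GRE or IPSec tunnels. Because the expression starts with `ip`, non-IPv4 frames such as ARP and IPv6 are dropped as well.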




