[Snort-users] BPF filters for the intimidated
pauls at ...6838...
Fri Jul 23 12:33:05 EDT 2004
I didn't realize bpf filters could use tcpdump-type input. *That* I can
--On Friday, July 23, 2004 03:18:05 PM -0400 Jeff Dell
<jdell at ...1095...> wrote:
> I don't know of a tutorial, but you can read about BPF (Berkeley Packet
> Filter) on the TCPDump man page at:
> You will quickly see that there is really no need to know hex unless you
> are doing some complex filtering...
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Paul Schmehl
> Sent: Friday, July 23, 2004 2:16 PM
> To: Snort-User Mailing List
> Subject: [Snort-users] BPF filters for the intimidated
> Does anyone know a good source for a tutorial on BPF filters? Reading
> the man page has me crossing my eyes and groaning.
> I want to capture udp packets on port 53 to one host, including the
> entire payload. I've figured out the hex address for the host, but the
> rest escapes me.
> Paul Schmehl (pauls at ...6838...)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
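An added example, not part of the original messages: the filter asked about above (UDP, port 53, one destination host) written with tcpdump-style primitives and again with byte offsets, plus a hand-written matcher run over constructed frames to show what the expression tests. The host 192.0.2.53, the source address and the helper names are assumptions made for illustration.

```python
import socket
import struct

HOST = "192.0.2.53"   # assumed documentation address; the thread names no host

# tcpdump-style primitives: no hex required.
SYMBOLIC = f"udp and dst host {HOST} and dst port 53"

def hex_form(host):
    """Equivalent IPv4 test written with byte offsets, as the man page allows."""
    addr = struct.unpack("!I", socket.inet_aton(host))[0]
    # ip[9] is the protocol byte, ip[16:4] the destination address.
    # udp[2:2] is the destination port; udp[] skips the variable-length IP
    # header and only matches unfragmented datagrams or the first fragment.
    return f"ip[9] = 17 and ip[16:4] = 0x{addr:08x} and udp[2:2] = 53"

def matches(frame, host=HOST, port=53):
    """Apply the same test by hand to one Ethernet frame (bytes)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":    # not IPv4
        return False
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                              # 20 to 60 bytes
    if ip[9] != 17 or ip[16:20] != socket.inet_aton(host):
        return False
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:          # later fragment
        return False
    if len(ip) < ihl + 8:                                 # truncated UDP header
        return False
    return struct.unpack("!H", ip[ihl + 2:ihl + 4])[0] == port

def build_frame(dst, dport, proto=17, options=b"", frag=0):
    """Constructed sample: Ethernet + IPv4 (+ options) + UDP + 12-byte payload."""
    l4 = struct.pack("!HHHH", 40000, dport, 20, 0) + b"\x00" * 12
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(options) // 4), 0,
                     20 + len(options) + len(l4), 0, frag, 64, proto, 0,
                     socket.inet_aton("198.51.100.7"), socket.inet_aton(dst))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + options + l4

if __name__ == "__main__":
    print(SYMBOLIC)
    print(hex_form(HOST))
    for label, f in [("plain", build_frame(HOST, 53)),
                     ("ip options", build_frame(HOST, 53, options=b"\x01" * 4)),
                     ("other port", build_frame(HOST, 123)),
                     ("tcp", build_frame(HOST, 53, proto=6))]:
        print(label, matches(f))
```

Either expression goes after the options on the tcpdump or Snort command line; with tcpdump, `-s 0` keeps the whole payload instead of a truncated snapshot.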