[Snort-users] BPF filters for the intimidated
mkettler at ...4108...
Fri Jul 23 13:10:14 EDT 2004
At 03:32 PM 7/23/2004, Paul Schmehl wrote:
>I didn't realize bpf filters could use tcpdump-type input. *That* I can
Well, BPF is the filter that tcpdump uses. Thus it's no coincidence that
they accept the same input; it's the same filter.
The BPF is actually implemented in the kernel, so it's a convenient
interface for nearly any program like tcpdump or snort to use. Hence the
common filter format.