[Snort-users] OT: VLANs and ngrep?

Paul Melson pmelson at ...11827...
Tue Sep 4 09:28:15 EDT 2007

> Now I'm a big fan of ngrep, but it cannot operate in this mode. It appears
it is hard-wired for beginning all 
> BPFs with "ip" - which means I can't jam "vlan" in there to make it

It appears to work for me on Fedora 7:

# ngrep vlan 1
interface: eth0 (
filter: (ip or ip6) and ( vlan 1 )
0 received, 0 dropped


More information about the Snort-users mailing list