[Snort-users] OT: VLANs and ngrep?

Paul Melson pmelson at ...11827...
Tue Sep 4 09:28:15 EDT 2007


> Now I'm a big fan of ngrep, but it cannot operate in this mode. It appears
it is hard-wired for beginning all 
> BPFs with "ip" - which means I can't jam "vlan" in there to make it
VLAN-aware.

It appears to work for me on Fedora 7:

# ngrep vlan 1
interface: eth0 (10.0.0.0/255.255.255.0)
filter: (ip or ip6) and ( vlan 1 )
exit
0 received, 0 dropped


PaulM






More information about the Snort-users mailing list