[Snort-users] Daemonlogger and BPF

Jason Brvenik jasonb at ...1935...
Mon Jun 7 00:36:58 EDT 2010


Wouldn't that be no packets because there can only be two ports in any
given conversation using them?

If you want all packets for port 80, 8080, and 8081 then you need to use "or"

port 80 or port 8080 or port 8081

On Mon, Jun 7, 2010 at 12:15 AM, Randal T. RIoux <randy at ...13561...> wrote:
> I have a question about the file format for bpf filtering with Daemonlogger.
>
> The syntax isn't described anywhere. However, this is what I know.
>
> "port 80 and port 8080" works fine for the -f command line inclusion.
>
> "port 80 and port 8080 and port 8181" throws this error:
>
>    expression rejects all packets
>
> So, I guess my question really is: what is the proper formatting/syntax
> for BPF usage in Daemonlogger?
>
> Thanks!
> Randy
>



-- 
Regards,

Jason.
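
Why the three-port "and" filter in this thread is rejected, as an added example that is not part of the original messages or of Daemonlogger: a small Python model (not libpcap itself) of flat `port N and/or port M` filters, in which `port N` matches when either the source or the destination port is N and the operators are applied left to right. The function names and the stand-in client port are assumptions.

```python
from itertools import product

def parse(expr):
    """Split a flat 'port N (and|or) port M ...' filter into ports and operators."""
    tokens, ports, ops = expr.split(), [], []
    i = 0
    while i < len(tokens):
        if tokens[i] != "port" or i + 1 >= len(tokens) or not tokens[i + 1].isdigit():
            raise ValueError(f"expected 'port N' at token {i}")
        ports.append(int(tokens[i + 1]))
        i += 2
        if i < len(tokens):
            if tokens[i] not in ("and", "or"):
                raise ValueError(f"expected 'and'/'or' at token {i}")
            ops.append(tokens[i])
            i += 1
    if len(ops) != len(ports) - 1:
        raise ValueError("filter is empty or ends with an operator")
    return ports, ops

def matches(expr, sport, dport):
    """Evaluate the filter against one packet's source and destination port."""
    ports, ops = parse(expr)
    hit = lambda p: p in (sport, dport)  # 'port N' means src port N or dst port N
    result = hit(ports[0])
    for op, p in zip(ops, ports[1:]):    # equal precedence, left to right
        result = (result and hit(p)) if op == "and" else (result or hit(p))
    return result

def matching_port_pairs(expr):
    """List the (sport, dport) pairs that pass, over the named ports plus one other port."""
    ports, _ = parse(expr)
    other = next(p for p in range(49152, 65536) if p not in ports)  # stand-in client port
    candidates = set(ports) | {other}
    return sorted(pair for pair in product(candidates, repeat=2) if matches(expr, *pair))

if __name__ == "__main__":
    # Filters quoted from the thread above.
    for f in ("port 80 and port 8080 and port 8181",
              "port 80 and port 8080",
              "port 80 or port 8080 or port 8081"):
        pairs = matching_port_pairs(f)
        print(f"{f!r}: {len(pairs)} matching pairs", pairs[:4])
```

In this model the two-port "and" filter is accepted but passes only traffic between port 80 and port 8080, so ordinary client connections to either port are not captured.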



