[Snort-users] bpf filter to filter on *starting* port?

Jason Haar Jason.Haar at ...294...
Tue Feb 8 13:29:05 EST 2011


On 02/09/2011 02:53 AM, Jason Wallace wrote:
> not (host 1.2.3.4 and port 9000)
>
>
> I think that would work. it will discard packets to/from 1.2.3.4 with
> either a src or dst port of 9000.
>
>

Sorry - I said "any host" - doing single hosts is doable (as you say) -
it's the general rule that's beyond me


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1





More information about the Snort-users mailing list