[Snort-users] bpf filter to filter on *starting* port?

Jason Haar Jason.Haar at ...294...
Tue Feb 8 15:20:01 EST 2011


On 02/09/2011 08:24 AM, Jason Wallace wrote:
> maybe adding "config ignore_ports: tcp 9000" to your conf file might
> work. I'm not sure if this acts the same as a bpf or not.

Sorry (again), I was actually asking a general BPF question - not a
snort one. In fact it's about filtering traffic daemonlogger sees.

However, are you implying that snort's "ignore_port: tcp 9000" would
only filter traffic that is going to a service running on port 9000?
That would be great if it's true... (snort has the advantage of
stream5_tcp over daemonlogger/tcpdump/etc)


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1




