Snort mailing list archives
Re: BPF Filters?
From: John Sage <jsage () finchhaven com>
Date: Sun, 16 Sep 2001 09:40:14 -0700
BPF = BSD Packet Filter (BSD = Berkeley Software Distribution)

The first widely available release of TCP/IP was the 4.2BSD release in 1983, from the University of California, Berkeley.
BPF offers a means of capturing and filtering packets from a network interface.
tcpdump is a UNIX/Linux program used to examine packets via BPF commands; internally snort uses BPF syntax to examine packets via the -r switch (at least that's how I use it...)
- John
--
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsage () finchhaven com
"The web is so, like, five minutes ago..."

Jason Withrow wrote:

Can someone explain to me what a BPF Filter is?
Thanks,
- J
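To make the reply's "capturing and filtering packets" concrete, the following added example (not part of the original post, and not code from tcpdump or snort) runs a small filter program over raw frame bytes the way a BPF-style virtual machine does. The op names, the `run_bpf` and `frame` helpers and the sample frames are constructed for illustration; jump targets are absolute indexes here, whereas real BPF encodes them as relative offsets.

```python
import struct

# Hand-written filter in the style of classic BPF, equivalent in intent to the
# tcpdump expression "tcp dst port 80" for IPv4 over Ethernet (constructed).
PROG = [  # (op, k, jt, jf)
    ("ldh", 12, 0, 0),          # 0: A = EtherType
    ("jeq", 0x0800, 2, 10),     # 1: IPv4? else drop
    ("ldb", 23, 0, 0),          # 2: A = IP protocol
    ("jeq", 6, 4, 10),          # 3: TCP? else drop
    ("ldh", 20, 0, 0),          # 4: A = flags + fragment offset
    ("jset", 0x1FFF, 10, 6),    # 5: non-first fragment has no TCP header: drop
    ("ldxb_msh", 14, 0, 0),     # 6: X = 4 * (IHL nibble) = IP header length
    ("ldh_x", 16, 0, 0),        # 7: A = 16-bit word at X + 16 (TCP dst port)
    ("jeq", 80, 9, 10),         # 8: port 80? accept, else drop
    ("ret", 65535, 0, 0),       # 9: accept, keep up to 65535 bytes
    ("ret", 0, 0, 0),           # 10: drop
]

def run_bpf(prog, pkt):
    """Run the program over raw frame bytes; return bytes to keep (0 = drop)."""
    a = x = pc = 0
    while pc < len(prog):
        op, k, jt, jf = prog[pc]
        pc += 1
        try:
            if op == "ldh":
                a = struct.unpack_from("!H", pkt, k)[0]
            elif op == "ldb":
                a = pkt[k]
            elif op == "ldh_x":
                a = struct.unpack_from("!H", pkt, x + k)[0]
            elif op == "ldxb_msh":
                x = 4 * (pkt[k] & 0x0F)
            elif op == "jeq":
                pc = jt if a == k else jf
            elif op == "jset":
                pc = jt if a & k else jf
            elif op == "ret":
                return k
            else:
                raise ValueError(f"unknown op {op}")
        except (IndexError, struct.error):
            return 0  # a load past the end of the packet rejects it
    return 0

def frame(proto, dport, frag=0, ihl=5):  # constructed Ethernet + IPv4 + L4 test frame
    eth = bytes(12) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 4 * ihl + 20, 0, frag, 64,
                     proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + bytes(4 * (ihl - 5)) + struct.pack("!HH", 40000, dport) + bytes(16)
```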