Snort mailing list archives

Re: Logging non tcp/udp/icmp packets


From: Sonika Malhotra <sonikam () magnum barc ernet in>
Date: Mon, 04 Mar 2002 15:30:14 +0530

I would also like to know if this "[!tcp || !udp || !icmp] " works for port
numbers also.
i.e.
log any any -> $HOME_NET [!25 && !53] (msg:"unknown traffic";)

Thanks
sm

"Thomas Porter, Ph.D." wrote:

I'd like to log all non tcp/udp/icmp packets inbound or outbound. What's
the right syntax for the rule below? Thanks

# Logging uncommon protocols
log [!tcp || !udp || !icmp] $EXTERNAL_NET any <> $HOME_NET any (msg:
"Unknown Protocol";session: printable;)

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

