Snort mailing list archives

Previous By Date Next
Previous By Thread Next

snort expression (ip broadcast)

From: Papa Mike <online_puppy () yahoo ca>
Date: Fri, 3 Jan 2003 16:26:51 -0500 (EST)
I have captured a packet with the following bit of
info:

12/30-22:59:59.368544 192.168.1.92:138 ->
192.168.1.255:138

This is from a Samba server (a SMB broadcast).  It was
captured with:

# snort -dvCq src host 192.168.1.92 and dst port 138
and dst net 192.168.1.0 mask 255.255.255.0

Now I wanted to use snort's 'ip broadcast' option but
it fails to capture the packet:

# snort -dvCq src host 192.168.1.92 and dst port 138
and ip broadcast 

Why doesn't this work?



______________________________________________________________________ 
Post your free ad now! http://personals.yahoo.ca


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: