Snort mailing list archives
RE: Same source/dest
From: "Brei, Matt" <mbrei () medclaiminc com>
Date: Wed, 2 Apr 2003 14:09:21 -0500
Will it really make that much difference? My snort is running on an AMD K6-2 400MHz with 256MB RAM. This machine is also acting as a firewall/router for a cable modem with iptables. Snort logs to a MySQL server running on an AMD Athlon 1.1GHz with 512MB of RAM.

-----Original Message-----
From: Erek Adams [mailto:erek () snort org]
Sent: Wednesday, April 02, 2003 1:59 PM
To: Brei, Matt
Cc: snort-users
Subject: RE: [Snort-users] Same source/dest

On Wed, 2 Apr 2003, Brei, Matt wrote:

> How do I go about adding a BPF, and what is a BPF as long as I'm
> asking how to add one? Thank you.

BPF == Berkeley Packet Filter. Libpcap supports the use of the BPF style of filters to examine or limit traffic.

For example, to only look at traffic going to or from host foo:

    'host foo'

From foo to bar:

    'src foo and dst bar'

Ignore SSH:

    'not port 22'

Ignore SSH, but look at all other traffic from foo:

    'src host foo and not port 22'

All traffic to/from bar, and only telnet traffic from foo:

    'host bar and (src host foo and port 21)'

For more info on that, have a look at the tcpdump man page, as it gives a much better explanation than I can. Also have a look at this [0] for an example of how to use it with Snort.

Cheers!

-----
Erek Adams
"When things get weird, the weird turn pro." H.S. Thompson

[0] http://www.theadamsfamily.net/~erek/snort/ignore.txt
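The filters quoted above are easy to get subtly wrong (an unqualified `port 22` matches either end of the connection, and `and` narrows where `or` would widen), so here is an added example, not part of the thread and not libpcap's own code, that re-implements the subset of BPF syntax the post uses (host/port primitives, src/dst qualifiers, and/or/not, parentheses) and runs each quoted filter over a constructed set of packets. Hostnames foo, bar and baz and the sample packets are made up for the illustration; real BPF resolves names and compares addresses, which this toy evaluator skips.

```python
"""Evaluate a small subset of BPF (libpcap) filter syntax against constructed
packets, to show exactly which traffic each filter keeps. Illustrative
re-implementation only (an assumption of this example), not libpcap."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str    # hostname, compared as a plain string in this toy model
    dst: str
    sport: int
    dport: int


class BPFError(ValueError):
    """Raised for expressions this subset cannot parse."""


TOKEN = re.compile(r"\(|\)|[^\s()]+")
KEYWORDS = {"and", "or", "not", "(", ")"}


def compile_filter(expression):
    """Return a predicate Packet -> bool for a BPF-style expression.
    Precedence follows libpcap: 'not' binds tightest, then 'and', then 'or'."""
    tokens = TOKEN.findall(expression)
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        tok = peek()
        pos += 1
        return tok

    def parse_or():
        node = parse_and()
        while peek() == "or":
            take()
            node = (lambda l, r: lambda p: l(p) or r(p))(node, parse_and())
        return node

    def parse_and():
        node = parse_not()
        while peek() == "and":
            take()
            node = (lambda l, r: lambda p: l(p) and r(p))(node, parse_not())
        return node

    def parse_not():
        if peek() == "not":
            take()
            inner = parse_not()
            return lambda p: not inner(p)
        if peek() == "(":
            take()
            node = parse_or()
            if take() != ")":
                raise BPFError("missing ')'")
            return node
        return parse_primitive()

    def parse_primitive():
        direction = take() if peek() in ("src", "dst") else None
        # 'src foo' is shorthand for 'src host foo', as in the post's examples.
        kind = take() if peek() in ("host", "port") else "host"
        value = take()
        if value is None or value in KEYWORDS:
            raise BPFError(f"'{kind}' needs an argument")
        if kind == "port":
            if not value.isdigit():
                raise BPFError("this subset only accepts numeric ports")
            value = int(value)
        fields = {"host": ("src", "dst"), "port": ("sport", "dport")}[kind]
        if direction == "src":
            fields = fields[:1]
        elif direction == "dst":
            fields = fields[1:]
        # Unqualified host/port matches either end: 'not port 22' drops SSH
        # in both directions, not just inbound.
        return lambda p: any(getattr(p, f) == value for f in fields)

    predicate = parse_or()
    if pos != len(tokens):
        raise BPFError(f"unexpected token {tokens[pos]!r}")
    return predicate


def select(expression, packets):
    """Return the packets the filter would let Snort see."""
    keep = compile_filter(expression)
    return [p for p in packets if keep(p)]


# Constructed sample traffic (not a capture); foo, bar, baz are hostnames.
SAMPLE = [
    Packet("foo", "bar", 40001, 22),   # SSH foo -> bar
    Packet("bar", "foo", 22, 40001),   # SSH reply bar -> foo
    Packet("foo", "bar", 40002, 23),   # telnet foo -> bar
    Packet("baz", "bar", 40003, 80),   # HTTP from a third host to bar
    Packet("foo", "baz", 40004, 80),   # HTTP foo -> baz
]

FILTERS = [
    "host foo",
    "src foo and dst bar",
    "not port 22",
    "src host foo and not port 22",
    # Quoted filter as posted: telnet is TCP/23 (21 is FTP control), and
    # 'and' leaves only foo's port-21 traffic with bar, not all of bar's.
    "host bar and (src host foo and port 21)",
    "host bar and (src host foo and port 23)",
    "host bar or (src host foo and port 23)",
]

if __name__ == "__main__":
    for expr in FILTERS:
        hits = select(expr, SAMPLE)
        print(f"{expr!r}: {len(hits)} packet(s)")
        for p in hits:
            print(f"    {p.src}:{p.sport} -> {p.dst}:{p.dport}")
```

Run it and compare the last three filters: the posted expression matches nothing in the sample, the `port 23` variant with `and` matches only the foo-to-bar telnet packet, and the `or` variant is what "all traffic to/from bar plus telnet from foo" actually requires. Before putting a filter in front of a production Snort sensor, check it the same way against a known capture, since anything the BPF drops never reaches the rules engine and never generates an alert.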
Current thread:
- Re: Same source/dest, (continued)
- Re: Same source/dest Keg (Apr 02)
- RE: Same source/dest Hutchinson, Andrew (Apr 02)
- RE: Same source/dest Brei, Matt (Apr 02)
- RE: Same source/dest Erek Adams (Apr 02)
- Re: Same source/dest Keg (Apr 02)
- Re: Same source/dest Erek Adams (Apr 02)
- Re: Same source/dest Keg (Apr 02)
- Re: Same source/dest Erek Adams (Apr 02)
- RE: Same source/dest Erek Adams (Apr 02)
- RE: Same source/dest Erek Adams (Apr 02)
- RE: Same source/dest Erek Adams (Apr 02)