Snort mailing list archives

RE: filters - FAQ entry?

From: twig les <twigles () yahoo com>
Date: Tue, 29 Jul 2003 10:52:14 -0700 (PDT)

This question seems to hit the lists every few weeks/months and
the answer is always the same.  Maybe add to FAQ?

--- "Hutchinson, Andrew" <andrew.hutchinson () Vanderbilt Edu>
wrote:

If you install tcpdump, then type 'man tcpdump', it will give
you a good
overview.  Also, if you buy Northcutt's book "Network
Intrusion
Detection", it has a nice section reviewing bpf and showing
how to do
some useful logical bitmasking operations to find certain
traffic types.
 
HTH,
 
Andrew

Andrew Hutchinson - Network Security
Vanderbilt University Medical Center
(615) 936-2856


      -----Original Message-----
      From: Scotts Email [mailto:tech4life2 () comcast net] 
      Sent: Tuesday, July 29, 2003 12:02 PM
      To: snort-users () lists sourceforge net
      Subject: [Snort-users] filters
      
      
      anyone tell me where to find bpf filter options for windows
and
linux ?
       
      i want to get the right ones, and know how to use them
properly...our class
       
      is starting ids soon using snort..
       
       
      thanks,
       
      scott



=====
-----------------------------------------------------------
Emo is what happens when the glee club goes punk.       
-----------------------------------------------------------

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com


-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

filters Scotts Email (Jul 29)
- Re: filters Jon Baer (Jul 29)
- <Possible follow-ups>
- RE: filters Hutchinson, Andrew (Jul 29)
  - RE: filters - FAQ entry? twig les (Jul 29)
- RE: filters Gary Danko (Jul 29)
  - Re: filters Phil Wood (Jul 29)