Snort mailing list archives
Re: Using BPF Filters for GRE, OSPF, BGP, IGMP
From: Frank Knobbe <frank () knobbe us>
Date: Sun, 04 Apr 2004 23:28:50 -0500
On Sun, 2004-04-04 at 20:21, Aaron wrote:
> I know how to specify networks and hosts in my BPF filter file, though am not sure how to prevent snort from ever seeing GRE, OSPF, IGMP, IPSec traffic, etc... Does anyone know how?

man tcpdump

Says right there... ip and not proto 47 (for GRE for example). 50 and 51 for IPSec. See /etc/services for the rest.

Regards,
Frank
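
The filter form given in the reply above, extended to the other protocols named in the thread. This is an added example, not part of the original message: the protocol table is a constructed excerpt in /etc/protocols format using the IANA-assigned numbers, the function names are hypothetical, and BGP is handled as TCP port 179 because it is a TCP service rather than an IP protocol.

```python
# Added example: build a BPF exclusion filter from /etc/protocols-style data.

# Constructed excerpt in /etc/protocols format: name, number, aliases, comment.
PROTOCOLS_SAMPLE = """\
igmp    2   IGMP        # Internet Group Management
gre     47  GRE         # General Routing Encapsulation
esp     50  IPSEC-ESP   # Encap Security Payload
ah      51  IPSEC-AH    # Authentication Header
ospf    89  OSPFIGP     # Open Shortest Path First IGP
"""


def parse_protocols(text):
    """Map every protocol name and alias (lowercased) to its IP protocol number."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or not fields[1].isdigit():
            continue  # skip malformed lines
        number = int(fields[1])
        for name in [fields[0]] + fields[2:]:
            table[name.lower()] = number
    return table


def build_exclusion_filter(names, table, tcp_ports=()):
    """Return a BPF expression that keeps IP traffic but drops the named
    IP protocols. tcp_ports covers TCP services such as BGP (port 179)."""
    terms = ["ip"]
    for name in names:
        key = name.lower()
        if key not in table:
            raise KeyError(f"unknown IP protocol: {name}")
        terms.append(f"not proto {table[key]}")
    for port in tcp_ports:
        terms.append(f"not tcp port {port}")
    return " and ".join(terms)


if __name__ == "__main__":
    table = parse_protocols(PROTOCOLS_SAMPLE)
    # Write this line to the BPF filter file that Snort reads with -F.
    print(build_exclusion_filter(["gre", "esp", "ah", "ospf", "igmp"], table, [179]))
```

Packets excluded this way never reach Snort, so no rule or preprocessor will inspect or alert on that traffic.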