Snort mailing list archives
Re: BPF filters for the intimidated
From: "Keith W. McCammon" <mccammon () gmail com>
Date: Fri, 23 Jul 2004 14:52:43 -0400
Don't know where to send you, but you could try this udp and dst host 10.10.10.10 and port 53 Snort should take care of the rest, I believe. On Fri, 23 Jul 2004 13:15:36 -0500, Paul Schmehl <pauls () utdallas edu> wrote:
Does anyone know a good source for a tutorial on BFP filters? Reading the man page has me crossing my eyes and growning. I want to capture udp packets on port 53 to one host, including the entire payload. I've figured out the hex address for the host, but the rest escapes me. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ir/security/ ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- BPF filters for the intimidated Paul Schmehl (Jul 23)
- Re: BPF filters for the intimidated Keith W. McCammon (Jul 23)
- RE: BPF filters for the intimidated Jeff Dell (Jul 23)
- RE: BPF filters for the intimidated Paul Schmehl (Jul 23)
- RE: BPF filters for the intimidated Matt Kettler (Jul 23)
- RE: BPF filters for the intimidated Paul Schmehl (Jul 23)
- RE: BPF filters for the intimidated Paul Schmehl (Jul 23)
- <Possible follow-ups>
- RE: BPF filters for the intimidated Joshua Berry (Jul 23)