Snort mailing list archives

RE: BPF filters for the intimidated

From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 23 Jul 2004 16:09:13 -0400

At 03:32 PM 7/23/2004, Paul Schmehl wrote:

I didn't realize bpf filters could use tcpdump-type input. *That* I canalready do.

Well, BPF is the filter that tcpdump uses. Thus it's no coincidence thatthey accept the same input, it's the same filter.

The BPF is actually implemented in the kernel, so it's a convenientinterface for nearly any program like tcpdump or snort to use. Hence thecommon filter format.














-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

BPF filters for the intimidated Paul Schmehl (Jul 23)
- Re: BPF filters for the intimidated Keith W. McCammon (Jul 23)
- RE: BPF filters for the intimidated Jeff Dell (Jul 23)
  - RE: BPF filters for the intimidated Paul Schmehl (Jul 23)
    - RE: BPF filters for the intimidated Matt Kettler (Jul 23)
    - RE: BPF filters for the intimidated Paul Schmehl (Jul 23)
- <Possible follow-ups>
- RE: BPF filters for the intimidated Joshua Berry (Jul 23)