Snort mailing list archives
Re: OT: VLANs and ngrep?
From: "Paul Melson" <pmelson () gmail com>
Date: Tue, 4 Sep 2007 09:28:15 -0400
Now I'm a big fan of ngrep, but it cannot operate in this mode. It appears
it is hard-wired for beginning all
BPFs with "ip" - which means I can't jam "vlan" in there to make it
VLAN-aware. It appears to work for me on Fedora 7: # ngrep vlan 1 interface: eth0 (10.0.0.0/255.255.255.0) filter: (ip or ip6) and ( vlan 1 ) exit 0 received, 0 dropped PaulM ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- OT: VLANs and ngrep? Jason Haar (Sep 03)
- Re: OT: VLANs and ngrep? Paul Melson (Sep 04)
- Re: OT: VLANs and ngrep? Jason Haar (Sep 04)
- Re: OT: VLANs and ngrep? Paul Melson (Sep 04)