Re: Daemonlogger and BPF

[Jason Brvenik <jasonb () sourcefire com>]

Wouldn't that be no packets because there can only be two ports in any
given conversation using them?

If you want all packets for port 80, 8080, and 8081 then you need to use "or"

port 80 or port 8080 or port 8081

On Mon, Jun 7, 2010 at 12:15 AM, Randal T. RIoux <randy () procyonlabs com> wrote:
> I have a question about the file format for bpf filtering with Daemonlogger.
>
> The syntax isn't described anywhere. However, this is what I know.
>
> "port 80 and port 8080" works fine for the -f command line inclusion.
>
> "port 80 and port 8080 and port 8181" throws this error:
>
>    expression rejects all packets
>
> So, I guess my question really is: what is the proper formatting/syntax
> for BPF usage in Daemonlogger?
>
> Thanks!
> Randy
>
> ------------------------------------------------------------------------------
> ThinkGeek and WIRED's GeekDad team up for the Ultimate
> GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
> lucky parental unit.  See the prize list and enter to win:
> http://p.sf.net/sfu/thinkgeek-promo
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



-- 
Regards,

Jason.

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users