Snort mailing list archives

bpf filter?


From: gatekeeper () globe com ph
Date: Mon, 23 Jul 2001 10:29:25 +0800

Hi,

I captured some traffic using tcpdump format (-b) and was able to decode (-r) on a per-protocol basis (port 23, 80, 110,
etc.). I now want to log just 'icmp' or 'arp' traffic but cannot seem to figure out how to do it. I guess I would
need a bpf filter to do this? I would appreciate a sample of how to do this so I can log, for example, just icmp type
0 or type 8.

Thanks a lot?

jun g.

