Snort mailing list archives

WINDUMP Syntax Question


From: "John Bro" <ironzinciron () hotmail com>
Date: Thu, 31 Oct 2002 11:43:04 +0000


..I am getting a parsing error.

Conceptually I want to log all traffic EXCEPT:

where the UDP 8th byte = 80(hex)   AND
where the UDP 9th byte = 04(hex)   AND ONLY
when the packets head into the network 10.0.0.16/24

The syntax I am using is:
windump -i3 -n -w c:\rtr1_log\wdump1 "!UDP[8]=0x80 and !UDP[9]=0x04 and net=10.0.0.16/24"

Any pointers?
Kyle
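
The filter logic described in this message, as an added example that is not part of the original post: it evaluates the stated intent, not (A and B and C), and the boolean structure of the posted expression, (not A) and (not B) and C, over constructed packets to show where they differ. It assumes the network meant is 10.0.0.0/24 and that packets are unfragmented IPv4; all function names and sample addresses are illustrative.

```python
import ipaddress
import struct

# One way to write the stated intent as a pcap filter (assumes 10.0.0.0/24 is meant):
#   not (udp[8] = 0x80 and udp[9] = 0x04 and dst net 10.0.0.0/24)
# udp[8] is offset 8 from the start of the UDP header, i.e. the first payload byte.
DST_NET = ipaddress.ip_network("10.0.0.0/24")

def build_packet(dst, payload, proto=17):
    """Constructed, unfragmented IPv4 packet (20-byte header, zero checksums)."""
    l4 = struct.pack("!HHHH", 40000, 5004, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.ip_address("192.0.2.10").packed,
                     ipaddress.ip_address(dst).packed)
    return ip + l4

def fields(pkt):
    """Return (udp[8], udp[9], dst in DST_NET); the bytes are None for non-UDP."""
    ihl = (pkt[0] & 0x0F) * 4
    to_net = ipaddress.ip_address(pkt[16:20]) in DST_NET
    if pkt[9] != 17:          # IP protocol field; 17 = UDP
        return None, None, to_net
    return pkt[ihl + 8], pkt[ihl + 9], to_net   # assumes >= 2 payload bytes

def intended(pkt):
    """Capture everything except the single excluded flow."""
    b8, b9, to_net = fields(pkt)
    return not (b8 == 0x80 and b9 == 0x04 and to_net)

def as_posted(pkt):
    """Boolean structure of the expression in the post."""
    b8, b9, to_net = fields(pkt)
    return b8 != 0x80 and b9 != 0x04 and to_net

SAMPLES = {   # constructed packets, not captured traffic
    "80 04 into 10.0.0.0/24": build_packet("10.0.0.20", b"\x80\x04data"),
    "80 05 into 10.0.0.0/24": build_packet("10.0.0.20", b"\x80\x05data"),
    "90 00 into 10.0.0.0/24": build_packet("10.0.0.20", b"\x90\x00data"),
    "80 04 to another net": build_packet("198.51.100.7", b"\x80\x04data"),
    "TCP to another net": build_packet("198.51.100.7", b"\x00\x00data", proto=6),
}

def compare():
    """Map each sample to (captured by intended logic, captured by posted logic)."""
    return {name: (intended(p), as_posted(p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:26} intended={result[0]!s:5} posted={result[1]}")
```

Only the first sample should be dropped; the posted structure also drops every packet not destined for the network and any packet where just one of the two bytes matches.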




