Snort mailing list archives

tcpdump filter question


From: "Bradley, Paul" <paulb () cta com>
Date: Thu, 21 Nov 2002 10:01:57 -0700

Using snort 1.9.0.

Scenario: logging packet data to a binary file with snort. I want to go in
and investigate some tftp activity. I usually use tcpdump (3.6) to read the
packets. This works:

tcpdump -vvv -n -nn -r packet_file dst port 69

result = all the packets destined to tftp

This doesn't work:

tcpdump -vvv -n -nn -r packet_file 'tcp[2:2] = 69'

result = nothing (no output)

When using tcpdump filters on a binary file created by snort, the built-in
tcpdump macro filters work; however, the other style of filters don't. Does
this have something to do with the way snort creates the binary file? I'd
like the 2nd style of filter to work, as I can customize my packet
queries.

thanks,

paul
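The two filters in the post are not equivalent, and the difference is independent of how the capture file was produced. `dst port 69` is a tcpdump macro that matches a destination port of 69 in either a TCP or a UDP header; `tcp[2:2] = 69` is a raw offset expression that tcpdump only evaluates for packets whose IP protocol is TCP. TFTP is carried over UDP (RFC 1350), so a capture containing only TFTP traffic matches the first filter and never the second. The script below is an added example, not code from the post or from the Snort project: it constructs a three-packet pcap in memory (one UDP TFTP read request, one TCP SYN to port 69, one UDP packet to port 53), reads it back with a minimal pcap parser, and applies the same three predicates tcpdump would for `dst port 69`, `tcp[2:2] = 69` and `udp[2:2] = 69`. The addresses, ports and payload are constructed sample values.

```python
import struct

ETH_HLEN = 14  # Ethernet II header length (pcap link type 1)


def ipv4_frame(proto, src_port, dst_port, payload=b""):
    """Build a constructed Ethernet/IPv4/{UDP,TCP} frame for the sample capture.
    Checksums are left at zero: nothing here validates them."""
    if proto == 17:   # UDP header: sport, dport, length, checksum
        l4 = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    elif proto == 6:  # TCP header: 20 bytes, data offset 5, SYN flag set
        l4 = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02, 8192, 0, 0) + payload
    else:
        raise ValueError("only UDP (17) and TCP (6) are modelled")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])) + l4
    return bytes(12) + b"\x08\x00" + ip  # zeroed MACs, EtherType 0x0800 (IPv4)


def write_pcap(frames):
    """Serialise frames as a classic little-endian pcap file (magic 0xa1b2c3d4)."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for i, frame in enumerate(frames):
        # record header: ts_sec, ts_usec, incl_len, orig_len
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(frame), len(frame)) + frame
    return bytes(out)


def read_pcap(data):
    """Return the list of frames in a little-endian classic pcap file."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    frames, off = [], 24
    while off < len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        frames.append(data[off:off + incl_len])
        off += incl_len
    return frames


def _l4_offset(frame):
    """Byte offset of the transport header (Ethernet + IPv4 header with options)."""
    return ETH_HLEN + (frame[ETH_HLEN] & 0x0F) * 4


def proto_bytes(frame, proto_name, offset, size):
    """Emulate tcpdump's proto[offset:size] for 'tcp' or 'udp'.

    Like tcpdump, the expression only applies to packets of that IP protocol
    that are not non-initial fragments; for anything else return None so the
    comparison fails."""
    wanted = {"tcp": 6, "udp": 17}[proto_name]
    if frame[ETH_HLEN + 9] != wanted:
        return None
    frag_offset = struct.unpack_from("!H", frame, ETH_HLEN + 6)[0] & 0x1FFF
    if frag_offset != 0:
        return None
    start = _l4_offset(frame) + offset
    return int.from_bytes(frame[start:start + size], "big")


def match_dst_port(frame, port):
    """Emulate the 'dst port N' macro: TCP or UDP destination port equals N."""
    for name in ("tcp", "udp"):
        if proto_bytes(frame, name, 2, 2) == port:
            return True
    return False


def tcp_2_2_eq(frame, value):
    return proto_bytes(frame, "tcp", 2, 2) == value


def udp_2_2_eq(frame, value):
    return proto_bytes(frame, "udp", 2, 2) == value


def apply_filter(pcap_bytes, predicate):
    """Indices of the frames in pcap_bytes that satisfy predicate."""
    return [i for i, frame in enumerate(read_pcap(pcap_bytes)) if predicate(frame)]


# Constructed sample capture: a TFTP read request (UDP/69), a TCP SYN to port 69,
# and an unrelated UDP packet to port 53.
SAMPLE_PCAP = write_pcap([
    ipv4_frame(17, 40001, 69, b"\x00\x01boot.cfg\x00octet\x00"),
    ipv4_frame(6, 40002, 69),
    ipv4_frame(17, 40003, 53),
])

if __name__ == "__main__":
    print("dst port 69   ->", apply_filter(SAMPLE_PCAP, lambda f: match_dst_port(f, 69)))
    print("tcp[2:2] = 69 ->", apply_filter(SAMPLE_PCAP, lambda f: tcp_2_2_eq(f, 69)))
    print("udp[2:2] = 69 ->", apply_filter(SAMPLE_PCAP, lambda f: udp_2_2_eq(f, 69)))
```

Running it shows `dst port 69` selecting both the UDP request and the TCP SYN, `tcp[2:2] = 69` selecting only the SYN, and `udp[2:2] = 69` selecting only the TFTP request. On a capture that holds TFTP traffic alone, the `tcp[...]` form therefore returns nothing, which is the behaviour the post describes; the raw offset syntax works on snort's binary log as it does on any pcap, provided the protocol keyword matches the transport actually in use.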


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

