Snort mailing list archives

Re: P2P GNUTella GET

From: Erek Adams <erek () snort org>
Date: Sat, 8 Mar 2003 10:20:03 -0500 (EST)

On Sat, 8 Mar 2003, [iso-8859-1] Always Bishan wrote:

[...snip...]

i want to exclude 8080 port number along with 80 as
mentioned in the alert above

how do i tell the rule to ignore port 8080 along with
80?


Use BPF filters or a pass rule.  The information on how to do that is in
the docs [0].  Please have a read.  You'd be surprised at the amount of
your questions that are answered in them.  And the ones that aren't...
Who knows, you may even find the answer in the FAQ [1].  ;-)

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://www.snort.org/docs/writing_rules/
[1]     http://www.snort.org/docs/faq.html


-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

P2P GNUTella GET Always Bishan (Mar 08)
- Re: P2P GNUTella GET Erek Adams (Mar 08)
- Re: P2P GNUTella GET Kenneth G. Arnold (Mar 08)
- RE: P2P GNUTella GET Dave Thornburgh (Mar 10)
  - RE: P2P GNUTella GET Erek Adams (Mar 10)
  - RE: P2P GNUTella GET Always Bishan (Mar 10)