Snort mailing list archives

RE: filters


From: "Hutchinson, Andrew" <andrew.hutchinson () Vanderbilt Edu>
Date: Tue, 29 Jul 2003 12:41:08 -0500

If you install tcpdump, then type 'man tcpdump', it will give you a good
overview.  Also, if you buy Northcutt's book "Network Intrusion
Detection", it has a nice section reviewing bpf and showing how to do
some useful logical bitmasking operations to find certain traffic types.
 
HTH,
 
Andrew

Andrew Hutchinson - Network Security
Vanderbilt University Medical Center
(615) 936-2856


        -----Original Message-----
        From: Scotts Email [mailto:tech4life2 () comcast net] 
        Sent: Tuesday, July 29, 2003 12:02 PM
        To: snort-users () lists sourceforge net
        Subject: [Snort-users] filters
        
        
        anyone tell me where to find bpf filter options for windows and linux ?
         
        i want to get the right ones, and know how to use them properly...our class
         
        is starting ids soon using snort..
         
         
        thanks,
         
        scott
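
Added illustration, not part of the original messages: the kind of BPF bitmasking the reply mentions, evaluated in Python over constructed packet headers so the mask arithmetic is visible. The filter strings in the comments are standard tcpdump/BPF syntax; the function names and sample addresses are assumptions made for this example.

```python
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def make_packet(flags, ihl=5):
    """Constructed sample: minimal IPv4 + TCP headers (no payload, zero checksums)."""
    ip_len = ihl * 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ip_len + 20, 0, 0,
                     64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    ip += b"\x00" * (ip_len - 20)          # padding standing in for IP options
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp

def tcp_offset(pkt):
    # Low nibble of ip[0] is the IP header length in 32-bit words.
    # BPF does this lookup itself whenever a filter uses tcp[...].
    return (pkt[0] & 0x0F) * 4

def tcp_flags(pkt):
    # BPF: tcp[13]  (byte 13 of the TCP header holds the flag bits)
    return pkt[tcp_offset(pkt) + 13]

def is_syn_without_ack(pkt):
    # BPF: tcp[13] & 0x12 = 0x02   (SYN set, ACK clear: a connection attempt)
    return tcp_flags(pkt) & (SYN | ACK) == SYN

def is_syn_or_fin(pkt):
    # BPF: tcp[13] & 0x03 != 0     (start or end of a TCP conversation)
    return tcp_flags(pkt) & (SYN | FIN) != 0

def has_ip_options(pkt):
    # BPF: ip[0] & 0xf != 5        (header longer than the 20-byte minimum)
    return pkt[0] & 0x0F != 5

if __name__ == "__main__":
    samples = {"SYN": SYN, "SYN+ACK": SYN | ACK, "ACK": ACK, "FIN+ACK": FIN | ACK}
    for name, flags in samples.items():
        pkt = make_packet(flags)
        print(f"{name:8} syn_without_ack={is_syn_without_ack(pkt)} "
              f"syn_or_fin={is_syn_or_fin(pkt)}")
```

The same expressions can be passed as the filter argument to tcpdump, or to Snort, which accepts BPF filters on its command line.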

