Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: very simple question about $ operand

From: Martin Roesch <roesch () sourcefire com>
Date: Wed, 26 Jan 2005 11:26:19 -0500
It's on pages 13-14 of the manual under the Variables section. The $ operator let's the parser know that you're referring to a predefined variable. For example: 

var FOO 10.1.1.0/24

alert tcp any any -> $FOO 1234 (msg: "foo";)

On Jan 25, 2005, at 11:59 AM, gsr4 () excite com wrote:
I have searched the snort users manual and I cannot find the definition or meaning of the $ operand. What does this mean and why is it assumed we are supposed to know this? 





Join Excite! - http://www.excite.com
The most personalized portal on the Web!

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Discover.  Determine.  Defend.
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: