Snort mailing list archives
Query on Snort BPF
From: setests setests <setests () gmail com>
Date: Sun, 5 Feb 2017 12:28:05 +0530
Hi,

If I have a filter like this for snort, which gets loaded with the -F switch, why would snort alert for the IP 172.16.10.37? The snort version I am currently running is 2.9.9.0. Is my BPF flawed somehow?

not ((udp and port 6000) or (udp and port 7000) or (tcp and port 3389) or host 172.16.10.37 or host 172.17.38.5 or host 172.18.10.62 or host 172.18.38.24 or net 50.76.0.0/14 or net 60.112.0.0/13 or net 70.120.0.0/14 or net 80.74.0.0/15 or net 90.124.0.0/16 or net 50.125.0.0/17 or net 50.96.0.0/12 or net 50.80.0.0/12 or net 122.245.0.0/16 or net 127.116.0.0/16 or net 127.54.0.0/15 or net 127.60.0.0/16 or net 127.56.0.0/14 or net 84.112.184.0/22)
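An added example, not part of the original post and not Snort or libpcap code: a small evaluator for the subset of pcap-filter syntax used in the filter above, run over constructed packets to check what the expression itself lets through. It assumes plain, untagged IPv4 packets and the documented pcap-filter semantics for these primitives; the names passes and SAMPLES are made up for this example.

```python
import ipaddress
import re
# FILTER is verbatim from the post; SAMPLES are constructed (proto, src, sport, dst, dport).
FILTER = "not ((udp and port 6000) or (udp and port 7000) or (tcp and port 3389) or host 172.16.10.37 or host 172.17.38.5 or host 172.18.10.62 or host 172.18.38.24 or net 50.76.0.0/14 or net 60.112.0.0/13 or net 70.120.0.0/14 or net 80.74.0.0/15 or net 90.124.0.0/16 or net 50.125.0.0/17 or net 50.96.0.0/12 or net 50.80.0.0/12 or net 122.245.0.0/16 or net 127.116.0.0/16 or net 127.54.0.0/15 or net 127.60.0.0/16 or net 127.56.0.0/14 or net 84.112.184.0/22)"
SAMPLES = [
    ("tcp", "10.1.1.1", 40000, "172.16.10.37", 80),   # to the excluded host
    ("tcp", "172.16.10.37", 51000, "10.1.1.1", 443),  # from the excluded host
    ("udp", "10.1.1.1", 5000, "10.2.2.2", 6000),      # excluded UDP port
    ("tcp", "10.1.1.1", 40000, "10.2.2.2", 6000),     # TCP 6000 is not excluded
]

def passes(filter_text, pkt):
    """Return True if pkt passes the filter, i.e. would be handed to Snort."""
    proto, src, sport, dst, dport = pkt
    toks = re.findall(r"[()]|[^\s()]+", filter_text)
    pos = 0
    def take():
        nonlocal pos
        pos += 1
        return toks[pos - 1]  # IndexError if the filter ends early
    def factor():
        t = take()
        if t == "not":  # negation binds tightest
            return not factor()
        if t == "(":
            val = expr()
            if take() != ")":
                raise ValueError("missing ')'")
            return val
        if t in ("udp", "tcp"):
            return proto == t
        if t == "port":  # matches source or destination port
            return int(take()) in (sport, dport)
        if t == "host":  # matches source or destination address
            return take() in (src, dst)
        if t == "net":
            net = ipaddress.ip_network(take())
            return any(ipaddress.ip_address(a) in net for a in (src, dst))
        raise ValueError(f"unsupported token {t!r}")
    def expr():  # 'and' and 'or' have equal precedence, left to right
        val = factor()
        while pos < len(toks) and toks[pos] in ("and", "or"):
            op, rhs = take(), factor()
            val = (val and rhs) if op == "and" else (val or rhs)
        return val
    result = expr()
    if pos != len(toks):
        raise ValueError("trailing tokens")
    return result
```

Calling passes(FILTER, p) for each entry in SAMPLES returns True only for the TCP packet to port 6000; both packets involving 172.16.10.37 evaluate to False under these assumptions.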