Snort mailing list archives
Re: Problem to sniff 80, 110, 25 and 21 ports.
From: Mike Cojocea <msc39 () georgetown edu>
Date: Wed, 29 Oct 2003 15:05:37 -0500
The filter should be: dst port 21 or port 25 or port 80 or port 110 and it will work. Mike Matt Kettler wrote:
At 01:23 PM 10/29/2003, you wrote:I use this command: root@andrealnx:~# snort -i eth0 -l prova dst port 80 and dst port 110 and dst port 25 and dst port 21 and I've got this error:Is there a reason why are you using snort for this? If you just need a packet dumper, use tcpdump. Also, the above rule theoretically would never match any packets at all.. you want or, not and.. It's impossible for a packet to be destined to port 80 and port 110, it can only be destined to one or the other. ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- ___________________________ Mike Cojocea, CISSP Network Security Analyst Georgetown University University Information Services 202-687-1002 msc39 () georgetown edu ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problem to sniff 80, 110, 25 and 21 ports. giochi (Oct 29)
- Re: Problem to sniff 80, 110, 25 and 21 ports. Matt Kettler (Oct 29)
- Re: Problem to sniff 80, 110, 25 and 21 ports. giochi (Oct 29)
- Re: Problem to sniff 80, 110, 25 and 21 ports. Mike Cojocea (Oct 29)
- <Possible follow-ups>
- Problem to sniff 80, 110, 25 and 21 ports. giochi (Oct 29)
- RE: Problem to sniff 80, 110, 25 and 21 ports. O'Flynn, Derek (Oct 29)
- Re: Problem to sniff 80, 110, 25 and 21 ports. Matt Kettler (Oct 29)