RE: BPF filters for the intimidated

[Paul Schmehl <pauls () utdallas edu>]

Yeah, well, you'd never know that from the man page. bpf (4)

--On Friday, July 23, 2004 04:09:13 PM -0400 Matt Kettler 
<mkettler () evi-inc com> wrote:

> At 03:32 PM 7/23/2004, Paul Schmehl wrote:
> > I didn't realize bpf filters could use tcpdump-type input.  *That* I can
> > already do.
>
> Well, BPF is the filter that tcpdump uses. Thus it's no coincidence that
> they accept the same input, it's the same filter.
>
> The BPF is actually implemented in the kernel, so it's a convenient
> interface for nearly any program like tcpdump or snort to use. Hence the
> common filter format.
>
>
>
>
>
>
>
>
>
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by BEA Weblogic Workshop
> FREE Java Enterprise J2EE developer tools!
> Get your free copy of BEA WebLogic Workshop 8.1 today.
> http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users