Snort mailing list archives
Re: BPF question "port > 2000"?
From: rmkml <rmkml () yahoo fr>
Date: Thu, 20 Jan 2011 13:42:01 +0100 (CET)
Hi Jason,

Check with bpf filter:

  'tcp[2:2] > 0x07D0' # tcp dest port > 2000

http://www.infosecwriters.com/text_resources/pdf/JStebelton_BPF.pdf

Regards
Rmkml

On Fri, 21 Jan 2011, Jason Haar wrote:
> On 01/20/2011 10:31 PM, Sandro guly Zaccarini wrote:
>> portrange 2001-65535?
>>
>> sz
>
> Ha! Simple as that. We're running on CentOS4 systems - and tcpdump (which I was relying on for testing filters) is only 3.8 and doesn't support portrange, however I see CentOS5 has tcpdump-3.9 and it does - so I guess that's when the feature came in.
>
> Thanks!
>
> Cheers
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
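What the two filters in this thread test, emulated in Python over constructed IPv4/TCP packets. This is an added example, not code from any poster; the helper names and the 192.0.2.x addresses are assumptions, and the unqualified portrange is emulated for TCP only.

```python
import struct

def build_ipv4_tcp(sport, dport, ip_options=b"", frag_offset=0):
    """Constructed sample: IPv4 header (+ options, multiple of 4 bytes) + 20-byte TCP header."""
    ihl = 5 + len(ip_options) // 4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(tcp), 0,
                     frag_offset & 0x1FFF, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + ip_options + tcp

def tcp_field(pkt, offset, size):
    """Emulate the BPF accessor tcp[offset:size]; None means the filter cannot match."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None                        # not IPv4 carrying TCP
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return None                        # non-first fragment: no TCP header present
    start = (pkt[0] & 0x0F) * 4 + offset   # TCP header starts IHL*4 bytes in
    if start + size > len(pkt):
        return None
    return int.from_bytes(pkt[start:start + size], "big")  # network byte order

def match_byte_filter(pkt):
    """'tcp[2:2] > 0x07D0': destination port only."""
    v = tcp_field(pkt, 2, 2)
    return v is not None and v > 0x07D0

def match_tcp_portrange(pkt):
    """'tcp portrange 2001-65535': source OR destination port in range."""
    ports = (tcp_field(pkt, 0, 2), tcp_field(pkt, 2, 2))
    return any(p is not None and 2001 <= p <= 65535 for p in ports)

if __name__ == "__main__":
    samples = {
        "dst 2000": build_ipv4_tcp(40000, 2000),
        "dst 2001": build_ipv4_tcp(1024, 2001),
        "dst 8080 with IP options": build_ipv4_tcp(1024, 8080, ip_options=b"\x01" * 4),
        "src 50000 -> dst 80": build_ipv4_tcp(50000, 80),
    }
    for name, pkt in samples.items():
        print(f"{name:26} tcp[2:2]>0x07D0={match_byte_filter(pkt)!s:5} "
              f"tcp portrange={match_tcp_portrange(pkt)}")
```

The last sample shows the practical difference: without a dst qualifier, portrange also matches on the source port, so 'dst portrange 2001-65535' is the closer equivalent of the byte-offset filter.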
Current thread:
- BPF question "port > 2000"? Jason Haar (Jan 20)
- Re: BPF question "port > 2000"? Sandro guly Zaccarini (Jan 20)
- Re: BPF question "port > 2000"? Jason Haar (Jan 20)
- Re: BPF question "port > 2000"? rmkml (Jan 20)
- Re: BPF question "port > 2000"? Jason Haar (Jan 20)
- Re: BPF question "port > 2000"? Sandro guly Zaccarini (Jan 20)