
Re: portrange: msg#00024

security.ids.snort.devel

Subject: Re: portrange

I don't claim to be a BPF expert, but I don't think that's valid. All
the >= and <= type comparisons I've ever seen in examples and man pages
have been for packet header stuff. Plus, I've tried that already with
both tcpdump and snort and I get syntax errors + exit from tcpdump and
the same from snort.

e.g.

ronin ~ # tcpdump -i eth0 'not dst port >= 28000'
tcpdump: syntax error

On Fri, Apr 28, 2006 at 06:57:31PM -0600, Chris Kuethe wrote:
> On 4/28/06, John Newman <jnn@xxxxxxxxx> wrote:
> >rather than having to do "not dst port X and not dst port X+1 and ..."
> >which, on my box, with 1000 ports, makes snort start rather slowly.
>
> what's wrong with '... not (dst port >= X and dst port <= X)' ?
>
> --
> GDB has a 'break' feature; why doesn't it have 'fix' too?

--
John Newman
Systems Administrator, WebXess Inc.
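
An added example, not part of the original message and not code from Snort or tcpdump: since relational operators in a pcap filter apply to packet header expressions rather than to the `dst port` primitive, a long exclusion list can be collapsed into contiguous runs and expressed as comparisons on the destination-port field at bytes 2-3 of the TCP and UDP headers. The function names are hypothetical, and the port list is constructed sample input.

```python
def collapse(ports):
    """Collapse an iterable of port numbers into sorted inclusive (lo, hi) runs."""
    runs = []
    for p in sorted(set(ports)):
        if not 0 <= p <= 65535:
            raise ValueError(f"port out of range: {p}")
        if runs and p == runs[-1][1] + 1:
            runs[-1][1] = p          # extends the current contiguous run
        else:
            runs.append([p, p])      # starts a new run
    return [(lo, hi) for lo, hi in runs]


def exclude_dst_ports(ports, protos=("tcp", "udp")):
    """Build a pcap filter that drops traffic to the given destination ports.

    Bytes 2-3 of both the TCP and UDP headers hold the destination port, so
    proto[2:2] can be compared with >= and <= where 'dst port' cannot.
    Caveat: tcp[...] and udp[...] index IPv4 packets only, so IPv6 traffic
    to these ports is not excluded by this expression.
    """
    clauses = []
    for lo, hi in collapse(ports):
        for proto in protos:
            field = f"{proto}[2:2]"
            if lo == hi:
                clauses.append(f"{field} = {lo}")
            else:
                clauses.append(f"({field} >= {lo} and {field} <= {hi})")
    # Packets that are neither TCP nor UDP make every clause false, so the
    # outer 'not' lets them through, matching 'not dst port N' semantics.
    return "not (" + " or ".join(clauses) + ")" if clauses else ""


if __name__ == "__main__":
    # Constructed sample: 1000 consecutive ports become one clause per protocol.
    print(exclude_dst_ports(range(28000, 29000)))
```

The printed expression can be passed to tcpdump or used as the BPF filter argument to snort in place of the thousand-term `not dst port ...` chain.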

