Home page logo

snort logo Snort mailing list archives

Re: Network Variables
From: James Lay <jlay () slave-tothe-box net>
Date: Thu, 02 May 2013 11:35:34 -0600

Parenthesis will help:

"not (net && dst host && dst port 80) or (not 
net && dst host && dst port 80)"


On 2013-05-02 11:23, Seth Dunn wrote:
So now my question comes, since you were wondering about the rule I 
This is my rule::
not net and dst host && dst port 80 or not 
net and dst host && dst port 80

By my understanding, and my desire to see happen is this.
Traffic from the network going to http at 
be ignored.
Also, traffic from the network going to http at
should be ignored.
All other traffic is still monitored.

Is this correct, base on the rule above, or should it be worded 

Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]