> As far as snoop is concerned, the ipnet header is the link-layer header.
Ick. > I'll need to look further into this, but it doesn't seem to be broken > for all filters. For example, the following works just fine: > > bash-3.2# snoop -I bge0 -U tcp port 22 > Using device ipnet/bge0 (promiscuous mode) > strat.East.Sun.COM -> whitestar1-6.East.Sun.COM TCP D=22 S=64519 Syn > Seq=2995106985 Len=0 Win=49640 Options=<mss 1460,nop,wscale 0,nop,nop,sackOK> > whitestar1-6.East.Sun.COM -> strat.East.Sun.COM TCP D=64519 S=22 Syn > Ack=2995106986 Seq=3047980435 Len=0 Win=49640 Options=<mss 1460,nop,wscale > 0,nop,nop,sackOK> As per my example, I also had no problem udp port number filtering. -- meem
