[Snort-devel] dump packets only p2p rules

Al Lewis (allewi) allewi at ...3461...
Mon Oct 5 09:33:32 EDT 2015


Create a rule that matches the traffic you want and then log the traffic.

You can also use tagging if you want to capture a certain amount of bytes or for a time period after the initial event.

Section on rules --> http://manual.snort.org/node28.html

Section on tagging --> http://manual.snort.org/node34.html#SECTION00475000000000000000

Hope this helps.

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi at ...3461...
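As an added illustration of the approach in the reply above (this is not code from the list reply or from the Snort project), here is a Snort 2 rule that logs a matching P2P packet and then tags the rest of that session so the following traffic is captured too. The BitTorrent handshake pattern, the rule variables and the SID are constructed assumptions for the example.

```snort
# Constructed example: log BitTorrent handshakes and keep capturing the
# same TCP session for 300 seconds after the first match.
# Assumes the usual $HOME_NET / $EXTERNAL_NET variables and an output
# plugin that writes packets, e.g.  output log_tcpdump: p2p.log
# SID 1000001 is a placeholder in the local (>= 1000000) range.
log tcp $HOME_NET any -> $EXTERNAL_NET any ( \
    msg:"LOCAL P2P BitTorrent handshake, session tagged"; \
    flow:to_server,established; \
    content:"|13|BitTorrent protocol"; depth:20; \
    tag:session,300,seconds; \
    classtype:policy-violation; \
    sid:1000001; rev:1; )
```

Replace `tag:session,300,seconds` with `tag:session,<count>,bytes` to cap the capture by volume instead of time; tagged packets are logged without having to match the rule again.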

From: Jagan mohan Reddy [mailto:jagan.reddy507 at ...2499...]
Sent: Monday, October 05, 2015 3:05 AM
To: snort-devel at lists.sourceforge.net
Subject: [Snort-devel] dump packets only p2p rules

Dear Snort,

I would like to capture only P2P application network traffic at the border router. I have installed SNORT and traffic is mirrored to one of the server ports. How can I capture P2P application traffic?

Thanks & Regards
Jagan mohan reddy
