[Snort-sigs] Traffic Capture
Syed Hammad Tahir
mscs16059 at itu.edu.pk
Fri Dec 8 04:20:02 EST 2017
I am new to Snort and need help.
Is there any way (by writing rules) to capture all the network traffic?
By default I am using alert tcp any any -> any any (msg: "alert") but it
doesn't capture the whole traffic, i.e., the packets transferred between
other nodes (unicast).
I am specifically interested in capturing the ARP request data. Any help
will be appreciated.