[Snort-users] Rule to monitor a specific port
alambert at ...387...
Tue Oct 24 14:43:55 EDT 2000
alert !$HOME_NET any <> $HOME_NET $PORT (blah blah blah)
You need the <> (bidirectional) operators in there. Otherwise,
you only see one side of the traffic. Cheers!
> Trying to setup a rule to monitor a specific port. I would like to be
> able to record all traffic to a specific port on a network or a set of
> specific machines. A couple of my attempts catch some traffic but not
> all. Any ideas?
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
More information about the Snort-users