[Snort-users] Rule to monitor a specific port

A.L.Lambert alambert at ...387...
Tue Oct 24 14:43:55 EDT 2000


alert !$HOME_NET any <> $HOME_NET $PORT (blah blah blah)


	You need the <> (bidirectional) operators in there.  Otherwise,
you only see one side of the traffic.  Cheers!

	--A.L.Lambert


> Trying to setup a rule to monitor a specific port. I would like to be
> able to record all traffic to a specific port on a network or a set of
> specific machines. A couple of my attempts catch some traffic but not
> all. Any ideas?
> 
> 
> Thanks,
> 
> Jason
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users
> 

-- 




More information about the Snort-users mailing list