[Snort-users] Rule to monitor a specific port

A.L.Lambert alambert at ...387...
Tue Oct 24 14:43:55 EDT 2000

alert !$HOME_NET any <> $HOME_NET $PORT (blah blah blah)

	You need the <> (bidirectional) operators in there.  Otherwise,
you only see one side of the traffic.  Cheers!


> Trying to setup a rule to monitor a specific port. I would like to be
> able to record all traffic to a specific port on a network or a set of
> specific machines. A couple of my attempts catch some traffic but not
> all. Any ideas?
> Thanks,
> Jason
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users


More information about the Snort-users mailing list