In his previous message, Warrick FitzGerald wrote:

> Can someone please explain how I would modify this command line
> statement so that it only logs TCP port 80
> snort -dev -l /root/snortlog2 -h

Sure :

./snort -dev -l /root/snortlog2 src host and tcp port 80

makes snort capture traffic from host port 80 protocol
tcp... Clear enough, right? :-)

You can put some quotes around the expression (clearer for a human
reader):
./snort -dev -l /root/snortlog2 'src host and tcp port

If you omit src you'll capture all traffic from and to host :
./snort -dev -l /root/snortlog2 host and tcp port 80

To get traffic from/to an entire net, use net instead of host.


