[Snort-users] basic command

Guillaume guillaume at ...4029...
Sat Jan 19 07:20:03 EST 2002


In his previous message, Warrick FitzGerald wrote:

> Can someone please explain how I would modify this command line
> statement so that it only logs TCP port 80
>
> snort -dev -l /root/snortlog2 -h 10.10.52.100/32

Sure:

./snort -dev -l /root/snortlog2 src host 10.10.52.100 and tcp port 80

makes snort capture traffic from host 10.10.52.100 port 80 protocol
tcp... Clear enough, right? :-)

You can put some quotes around the expression (clearer for a human
reader):
./snort -dev -l /root/snortlog2 'src host 10.10.52.100 and tcp port 80'

If you omit src, you'll capture all traffic from and to the host:
./snort -dev -l /root/snortlog2 host 10.10.52.100 and tcp port 80

To get traffic from/to an entire net, use net instead of host.

Guillaume
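
Added example (not part of Guillaume's message and not Snort code): a small Python model of the three filter expressions discussed above, run over constructed packets, showing which direction of an HTTP exchange each one would log. The Packet tuple, the function names, the sample addresses and the 10.10.52.0/24 network are assumptions for illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Minimal packet model (hypothetical, for illustration only).
Packet = namedtuple("Packet", "proto src sport dst dport")

HOST = ip_address("10.10.52.100")
NET = ip_network("10.10.52.0/24")   # assumed network; the post names none

def tcp_port(p, port):
    # BPF "tcp port N": TCP with N as source OR destination port
    return p.proto == "tcp" and port in (p.sport, p.dport)

def src_host(p):
    # "src host H": only packets sent by H
    return ip_address(p.src) == HOST

def host(p):
    # "host H": packets sent by H or addressed to H
    return HOST in (ip_address(p.src), ip_address(p.dst))

def net(p):
    # "net N": source or destination address inside N
    return ip_address(p.src) in NET or ip_address(p.dst) in NET

FILTERS = {
    "src host 10.10.52.100 and tcp port 80": lambda p: src_host(p) and tcp_port(p, 80),
    "host 10.10.52.100 and tcp port 80": lambda p: host(p) and tcp_port(p, 80),
    "net 10.10.52.0/24 and tcp port 80": lambda p: net(p) and tcp_port(p, 80),
}

# Constructed sample traffic, not a real capture.
SAMPLE = [
    Packet("tcp", "10.10.52.100", 34512, "192.0.2.10", 80),   # request from the host
    Packet("tcp", "192.0.2.10", 80, "10.10.52.100", 34512),   # reply to the host
    Packet("tcp", "10.10.52.7", 40100, "192.0.2.10", 80),     # neighbour on the same net
    Packet("tcp", "10.10.52.100", 34600, "192.0.2.10", 443),  # TCP, but not port 80
    Packet("udp", "10.10.52.100", 80, "192.0.2.53", 53),      # port 80, but UDP
]

def matches(expr):
    """Return the indexes of SAMPLE packets the expression would log."""
    return [i for i, p in enumerate(SAMPLE) if FILTERS[expr](p)]

if __name__ == "__main__":
    for expr in FILTERS:
        print(f"{expr!r:45} -> packets {matches(expr)}")
```

With `src host`, only the packets sent by 10.10.52.100 are logged, so a session reconstructed from that log is missing the other side's half.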
