[Snort-users] Rule Creation Question !.
michael at ...3137...
Tue Oct 1 18:29:41 EDT 2002
On Tue, Oct 01, 2002 at 04:39:34PM +0200, Moreno Poli wrote:
> if I have a server with pop3 and smtp services, is it possible to create a
> rule that logs all incoming traffic except traffic for these 2 ports? I
> know that it is possible
> to create a rule that logs all traffic except 1 port, but if the ports are
> two or three, is it possible?
> Moreno Poli
Yes, use bpf filters:
    not port 25 and not port 110
Then you can ask snort to log everything, as it's totally blind about
SMTP and POP3 traffic (never gets them).
'man tcpdump' will tell you how to write bpf filters, and snort manpage
will tell you how to use them.
Student, Husband, Geek. Not necessarily in that order, though.
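
The filter from this reply, generalized to any list of ports, as an added example that is not part of the original message. `exclusion_filter`, `passes` and `logged` are hypothetical helpers, the packets are constructed, and `passes` only models the BPF `port` primitive (true when either the source or the destination port matches), not libpcap itself.

```python
from typing import Iterable, List, NamedTuple, Optional


class Packet(NamedTuple):
    proto: str              # "tcp", "udp" or "icmp"
    sport: Optional[int]    # None for protocols without ports (e.g. ICMP)
    dport: Optional[int]


def exclusion_filter(ports: Iterable[int]) -> str:
    """Build a BPF expression that hides traffic on every listed port."""
    unique = sorted(set(ports))
    for p in unique:
        if not 0 < p < 65536:
            raise ValueError(f"invalid port: {p}")
    # Every port gets its own "not port N"; the terms are joined with "and".
    return " and ".join(f"not port {p}" for p in unique)


def passes(pkt: Packet, ports: Iterable[int]) -> bool:
    """Model of the filter: a packet is kept only if neither port is excluded."""
    excluded = set(ports)
    return pkt.sport not in excluded and pkt.dport not in excluded


def logged(packets: Iterable[Packet], ports: Iterable[int]) -> List[Packet]:
    """Return the packets the sensor would still receive."""
    ports = list(ports)
    return [p for p in packets if passes(p, ports)]


# Constructed sample traffic for a server running SMTP (25) and POP3 (110).
SAMPLE = [
    Packet("tcp", 40000, 25),     # client -> SMTP: filtered out
    Packet("tcp", 25, 40000),     # SMTP reply -> client: filtered out as well
    Packet("tcp", 40001, 110),    # client -> POP3: filtered out
    Packet("tcp", 40002, 80),     # other TCP service: still logged
    Packet("udp", 53, 40003),     # DNS answer: still logged
    Packet("icmp", None, None),   # no ports, so "not port N" is true: logged
]

if __name__ == "__main__":
    print(exclusion_filter([25, 110]))
    for pkt in logged(SAMPLE, [25, 110]):
        print(pkt)
```

The string returned by `exclusion_filter` is what goes at the end of the snort command line, or in a file read with `-F`. Because `port` matches either direction, replies sent from ports 25 and 110 are hidden along with the incoming requests.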