[Snort-users] Snort URL logging

Jens Krabbenhoeft tschenz-snort-users at ...7018...
Tue Jan 14 07:22:07 EST 2003


Hi,

> But with urlsnarf I can't filter the source IP, and I really need that. It's
> impossible to do this with Snort?

Had a quick look into the man-page I found searching the web
(http://www.groar.org/trad/dsniff/dsniff-2.3/english-txt/urlsnarf.8.txt):

--- SNIP ---
NAME
       urlsnarf - sniff HTTP requests in Common Log Format

SYNOPSIS
       urlsnarf [-n] [-i interface]  [[-v] pattern [expression]]
(..)
       expression
              Specify a tcpdump(8) filter  expression  to  select
              traffic to sniff.
--- SNIP ---

I guess 'expression' will suffice for your needs. Have a look at the BPF
section in the tcpdump(8) manpage.

HTH,
	Jens



