[Snort-users] Sniffer Mode

L. Christopher Luther CLuther at ...6333...
Mon May 12 14:19:02 EDT 2003


Jeff,  
 
Try using a BPF filter [0] on the Snort command line to limit the traffice
seen by Snort.  For example:  
 
    snort [some options] host webserver-ip and net isp-network  
 
- Christopher 
 
 
[0] See the "expression" section  http://www.tcpdump.org/tcpdump_man.html
<http://www.tcpdump.org/tcpdump_man.html>  

-----Original Message-----
From: Jeff Jirka [mailto:jjirka at ...2315...]
Sent: Wednesday, May 07, 2003 11:21 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Sniffer Mode


My setup...
 
   - web server sitting on the Internet running Snort v.2.0
   - this is a DSL circuit
   - my web server uses a static address
   - the router to my ISP also has a static address
   - a firewall to my internal network is also on this segment using another
static addresses
 
I want to capture traffic between the web server and ISP but see everything
on the screen for it AND the traffic between my internal network and ISP. I
have tried configuring a rules.txt file at least 10 different ways to no
avail. Is there some way to only show the traffic on the screen for the web
server to ISP conversations?
 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030512/e0742c37/attachment.html>


More information about the Snort-users mailing list