[Snort-users] Specific Host Filter

Eric Hines eric.hines at ...8860...
Fri May 14 08:58:16 EDT 2004


If I understand you correctly, Snort does support the use of BPF
filters: e.g. 'src or dst <ip>'. So on my system, I'd use: 
$ snort -c snort.conf 'src or dst <ip>'


Eric Hines, GCIA
CEO, President, Chairman
Applied Watch Technologies, Inc.
Direct: (877) 262-7593 x327
Fax: (877) 262-7593
-----Original Message-----
From: Todd.Lambdin [mailto:Todd.Lambdin at ...10383...] 
Sent: Friday, May 14, 2004 10:16 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Specific Host Filter

Is there an easy way to implement a filter so that I can watch traffic
between the sensor host and 1 other system only?  I do not want to
capture all traffic to the sensor, only traffic from 1 specific host.

Todd P. Lambdin
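
Added example, not part of the original thread: a small shell helper that builds the BPF expression for the case asked about (traffic between the sensor and one other host) and refuses anything that is not a plain IPv4 address, so extra filter terms cannot slip in through a variable. The function names and the 192.0.2.x addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a BPF expression limiting capture to one peer.
# Addresses below are constructed documentation values (RFC 5737),
# not taken from the thread.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# pair_filter SENSOR PEER: match only packets exchanged between the
# two hosts, in either direction.
pair_filter() {
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "bad address" >&2; return 1; }
    [ "$1" != "$2" ] || { echo "addresses must differ" >&2; return 1; }
    printf 'host %s and host %s\n' "$1" "$2"
}

# peer_filter PEER: the form from the reply, anything to or from one host.
peer_filter() {
    is_ipv4 "$1" || { echo "bad address" >&2; return 1; }
    printf 'src or dst host %s\n' "$1"
}

# Usage: pass the result as the trailing filter argument, as in the reply:
#   snort -c snort.conf "$(pair_filter 192.0.2.10 192.0.2.20)"
```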
