[Snort-users] Specific Host Filter
eric.hines at ...8860...
Fri May 14 08:58:16 EDT 2004
If I understand you correctly, Snort does support the use of BPF
filters: e.g. 'src or dst <ip>'. So on my system, I'd use:
$ snort -c snort.conf 'src or dst 192.168.0.1'
Eric Hines, GCIA
CEO, President, Chairman
Applied Watch Technologies, Inc.
Direct: (877) 262-7593 x327
Fax: (877) 262-7593
From: Todd.Lambdin [mailto:Todd.Lambdin at ...10383...]
Sent: Friday, May 14, 2004 10:16 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Specific Host Filter
Is there an easy way to implement a filter so that I can watch traffic
between the sensor host and 1 other system only? I do not want to
capture all traffic to the sensor, only traffic from 1 specific host.
Todd P. Lambdin
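Added example, not part of the original thread: a shell sketch that builds a BPF expression restricted to packets exchanged between the sensor and one other host, since 'src or dst <ip>' also matches that host talking to any third system. The sensor address 192.168.0.10 and the function names is_ipv4 and pair_filter are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a BPF expression limiting Snort to one host pair.
# Function names and the sensor address are hypothetical.

# Return 0 only if $1 is a dotted-quad IPv4 address, each octet 0..255.
# Rejecting anything else keeps stray text out of the filter string.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print a filter matching only traffic between the two given hosts.
pair_filter() {
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "invalid address" >&2; return 1; }
    [ "$1" != "$2" ] || { echo "hosts must differ" >&2; return 1; }
    printf 'host %s and host %s\n' "$1" "$2"
}

SENSOR=192.168.0.10     # constructed sample: the sensor's own address
WATCHED=192.168.0.1     # address used in the reply above

FILTER=$(pair_filter "$SENSOR" "$WATCHED") || exit 1
# The expression goes at the end of the command line, as in the reply.
echo "snort -c snort.conf '$FILTER'"
```
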