[Snort-users] Specific Host Filter

Todd.Lambdin Todd.Lambdin at ...10383...
Fri May 14 10:00:16 EDT 2004


That worked.  Thanks.

-----Original Message-----
From: Eric Hines [mailto:eric.hines at ...8860...] 
Sent: Friday, May 14, 2004 11:58 AM
To: todd.lambdin at ...10383...; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Specific Host Filter

Todd,

If I understand you correctly, Snort does support the use of BPF
filters: e.g. 'src or dst <ip>'. So on my system, I'd use: 
$ snort -c snort.conf 'src or dst 192.168.0.1'





BRDS,

Eric Hines, GCIA
CEO, President, Chairman
Applied Watch Technologies, Inc.
http://www.appliedwatch.com
Direct: (877) 262-7593 x327
Fax: (877) 262-7593
  
-----Original Message-----
From: Todd.Lambdin [mailto:Todd.Lambdin at ...10383...] 
Sent: Friday, May 14, 2004 10:16 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Specific Host Filter


Is there an easy way to implement a filter so that I can watch traffic
between the sensor host and 1 other system only?  I do not want to
capture all traffic to the sensor, only traffic from 1 specific host.
Thanks.



Todd P. Lambdin




