[Snort-users] running snort as packet logger and nids simultaneously

Metal Gear finattack at ...11827...
Tue Jun 7 05:03:26 EDT 2005


Thanks,



On 6/7/05, Joel Esler <eslerj at ...11827...> wrote:
> 
> Either way you're going to end up with the same result.
> 
> Write three rules
> 
> alert tcp any any -> any any (msg:"TCP Capture";)
> alert udp any any -> any any (msg:"Udp capture";)
> alert icmp any any -> any any (msg:"ICMP capture";)
> 
> then restart snort.
> 
> On 6/7/05, Metal Gear <finattack at ...11827...> wrote:
> > The reason I opted for that is due to the very small size of the network, i.e.
> > only 5 computers on that.
> >
> 
> 
> --
> Joel Esler
> BASE Project Lead
> http://sourceforge.net/projects/secureideas
>