[Snort-users] Ignoring a packet

Paul Melson pmelson at ...11827...
Wed Jun 20 17:14:13 EDT 2007


> How do I tell snort to ignore a specific packet?  I am collecting snmp
data from my DMZ and I see it in 
> snort but I want snort to ignore the packets because I am being inadated
with them.

1) If you never want to hear about this event no matter the specific source
or destination, disable the rule (comment it out with a #).

2) If you want to ignore all SNMP traffic from certain hosts or subnets, you
can use the -F switch and create a bpf filter.

3) If the packets you want to ignore have a specific payload, then you need
to write a pass rule.

More info on all of these is available in the online documentation:

http://snort.org/docs/snort_htmanuals/htmanual_2615/

PaulM





More information about the Snort-users mailing list