[Snort-users] Ignoring a packet
pmelson at ...11827...
Wed Jun 20 17:14:13 EDT 2007
> How do I tell snort to ignore a specific packet? I am collecting snmp
data from my DMZ and I see it in
> snort but I want snort to ignore the packets because I am being inadated
1) If you never want to hear about this event no matter the specific source
or destination, disable the rule (comment it out with a #).
2) If you want to ignore all SNMP traffic from certain hosts or subnets, you
can use the -F switch and create a bpf filter.
3) If the packets you want to ignore have a specific payload, then you need
to write a pass rule.
More info on all of these is available in the online documentation:
More information about the Snort-users