[Snort-users] Monitoring incoming or outgoing traffic

Jeremy Hoel jthoel at ...11827...
Fri Jan 9 01:31:15 EST 2015


>From snort itself you could use some for of BPF filter, or configure the
tap/span to only send one direction of traffic, if possible.   To snort,
it's all inbound in IDS mode.

On Thu, Jan 8, 2015 at 11:18 PM, Anshuman Anil Deshmukh <anshuman at ...16510...
> wrote:

>  Hi,
>
>
>
> Is there a way in Snort to just monitor the incoming or outgoing traffic
> in IDS mode? Do we need to specify this under threshold.conf or somewhere
> else? We are on version Snort 2.9.7.0
>
>
>
>
>
> Regards,
>
> Anshuman
>
> "Legal Disclaimer: This electronic message and all contents contain
> information from Cybage Software Private Limited which may be privileged,
> confidential, or otherwise protected from disclosure. The information is
> intended to be for the addressee(s) only. If you are not an addressee, any
> disclosure, copy, distribution, or use of the contents of this message is
> strictly prohibited. If you have received this electronic message in error
> please notify the sender by reply e-mail to and destroy the original
> message and all copies. Cybage has taken every reasonable precaution to
> minimize the risk of malicious content in the mail, but is not liable for
> any damage you may sustain as a result of any malicious content in this
> e-mail. You should carry out your own malicious content checks before
> opening the e-mail or attachment." www.cybage.com
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming! The Go Parallel Website,
> sponsored by Intel and developed in partnership with Slashdot Media, is
> your
> hub for all things parallel software development, from weekly thought
> leadership blogs to news, videos, case studies, tutorials and more. Take a
> look and join the conversation now. http://goparallel.sourceforge.net
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150108/b7c23986/attachment.html>


More information about the Snort-users mailing list