Snort mailing list archives
RE: Sniffer Mode
From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Mon, 12 May 2003 17:17:50 -0400
Jeff,

Try using a BPF filter [0] on the Snort command line to limit the traffic seen by Snort. For example:

    snort [some options] host webserver-ip and net isp-network

- Christopher

[0] See the "expression" section http://www.tcpdump.org/tcpdump_man.html

-----Original Message-----
From: Jeff Jirka [mailto:jjirka () qwest net]
Sent: Wednesday, May 07, 2003 11:21 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Sniffer Mode

My setup...
- web server sitting on the Internet running Snort v.2.0
- this is a DSL circuit
- my web server uses a static address
- the router to my ISP also has a static address
- a firewall to my internal network is also on this segment using another static address

I want to capture traffic between the web server and ISP but see everything on the screen for it AND the traffic between my internal network and ISP. I have tried configuring a rules.txt file at least 10 different ways to no avail. Is there some way to only show the traffic on the screen for the web server to ISP conversations?
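An added example, not part of the original messages: a small Python model of how the BPF expression `host webserver-ip and net isp-network` selects packets, run over constructed traffic. All addresses are documentation-range placeholders chosen for illustration, and the helper names are hypothetical.

```python
"""Model of the BPF expression `host H and net N` over constructed packets."""
from ipaddress import ip_address, ip_network

# Constructed documentation addresses (RFC 5737), not from the original post.
WEB_SERVER = ip_address("192.0.2.10")    # stands in for webserver-ip
FIREWALL = ip_address("192.0.2.20")      # other host on the same segment
ISP_NET = ip_network("198.51.100.0/24")  # stands in for isp-network


def host(addr):
    """BPF `host addr`: true when addr is the source OR the destination."""
    return lambda src, dst: addr in (src, dst)


def net(network):
    """BPF `net network`: true when source OR destination lies in network."""
    return lambda src, dst: src in network or dst in network


def both(p, q):
    """BPF `p and q`: each primitive is evaluated against the whole packet."""
    return lambda src, dst: p(src, dst) and q(src, dst)


def displayed(filt, packets):
    """Return the (src, dst) string pairs the filter would pass to Snort."""
    return [(s, d) for s, d in packets if filt(ip_address(s), ip_address(d))]


# Constructed traffic seen on the shared segment.
PACKETS = [
    ("192.0.2.10", "198.51.100.1"),   # web server -> ISP
    ("198.51.100.1", "192.0.2.10"),   # ISP -> web server
    ("192.0.2.20", "198.51.100.1"),   # firewall -> ISP
    ("192.0.2.10", "203.0.113.7"),    # web server -> unrelated host
]

FILTER = both(host(WEB_SERVER), net(ISP_NET))
# If the host address sits inside the named network, `host` alone already
# satisfies `net`, so the expression behaves like plain `host`.
WIDE = both(host(WEB_SERVER), net(ip_network("192.0.2.0/24")))

if __name__ == "__main__":
    for name, filt in (("host and net", FILTER), ("host inside net", WIDE)):
        print(name, displayed(filt, PACKETS))
```

The second filter shows the case to check before relying on the expression: when the web server's own address falls inside the network given to `net`, every packet involving the web server is displayed.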