Snort mailing list archives
Re: Configuring snort.conf
From: Erek Adams <erek () snort org>
Date: Wed, 11 Feb 2004 10:20:44 -0500 (EST)
On Tue, 10 Feb 2004, James Chong wrote:
> The examples given use a network ID followed by a subnet mask. Say I only
> want to monitor certain IP addresses using snort. Can I do this? How should
> I write it?
>
> Say I want to monitor only certain IP addresses on my network:
> 202.185.109.161-202.185.109.165
> Net ID: 202.185.109.160/27
>
> To monitor the whole network I would use:
> var HOME_NET 202.185.109.160/27
> but I do not want this. Should it be:
> var HOME_NET 202.185.109.161-202.185.109.165
> then?
Nope.

var HOME_NET [202.185.109.161/32,202.185.109.162/32,202.185.109.163/32,202.185.109.164/32,202.185.109.165/32]

Or to clean that up a bit, you might want to use:

var HOME_NET 202.185.109.160/29

That'll get you .160-.166.

Cheers!

-----
Erek Adams

"It looks just like a Telefunken U-47. You'll love it..."
  -- Frank Zappa
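An added example, not part of the original thread: a Python sketch that builds the shortest exact `var HOME_NET` list for an address range and lists which addresses a single CIDR block pulls in beyond that range, so the monitored scope can be checked before editing snort.conf. The function names are hypothetical; only the standard `ipaddress` module is used.

```python
import ipaddress

def home_net_for_range(first, last):
    """Build a snort.conf 'var HOME_NET' line covering exactly first..last."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("first address must not be higher than last")
    # summarize_address_range yields the minimal set of CIDR blocks that
    # covers the range with no addresses outside it.
    blocks = [str(n) for n in ipaddress.summarize_address_range(lo, hi)]
    # A single block needs no brackets; several use the bracketed,
    # comma-separated list form shown in the reply above.
    value = blocks[0] if len(blocks) == 1 else "[" + ",".join(blocks) + "]"
    return "var HOME_NET " + value

def extra_addresses(cidr, first, last):
    """List addresses inside cidr that fall outside first..last."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    # strict=True rejects a CIDR whose host bits are set (e.g. .161/29).
    net = ipaddress.ip_network(cidr, strict=True)
    # Iterating a network visits every address, including the network
    # and broadcast addresses.
    return [str(a) for a in net if not lo <= int(a) <= hi]

if __name__ == "__main__":
    first, last = "202.185.109.161", "202.185.109.165"
    print(home_net_for_range(first, last))
    for cidr in ("202.185.109.160/29", "202.185.109.160/27"):
        extra = extra_addresses(cidr, first, last)
        print(cidr, "adds", len(extra), "address(es) outside the range")
```
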