Snort mailing list archives

RE: Specific Host Filter


From: "Eric Hines" <eric.hines () appliedwatch com>
Date: Fri, 14 May 2004 10:57:53 -0500

Todd,

If I understand you correctly, Snort does support the use of BPF
filters: e.g. 'src or dst <ip>'. So on my system, I'd use: 
$ snort -c snort.conf 'src or dst 192.168.0.1'





BRDS,

Eric Hines, GCIA
CEO, President, Chairman
Applied Watch Technologies, Inc.
http://www.appliedwatch.com
Direct: (877) 262-7593 x327
Fax: (877) 262-7593
  
-----Original Message-----
From: Todd.Lambdin [mailto:Todd.Lambdin () mci com] 
Sent: Friday, May 14, 2004 10:16 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Specific Host Filter


Is there an easy way to implement a filter so that I can watch traffic
between the sensor host and 1 other system only?  I do not want to
capture all traffic to the sensor, only traffic from 1 specific host.
Thanks.



Todd P. Lambdin
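
An added example, not part of the original thread: in pcap filter syntax `src or dst <ip>` is the same as `host <ip>`, so on a sensor that sees other traffic it also passes that host's conversations with third parties, while `host A and host B` keeps only the two-way traffic between the sensor and the one system. The sensor address 192.168.0.10 and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build BPF expressions for Snort's command line.
# Addresses used in the usage notes are constructed sample values.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0-255.
# Rejecting anything else keeps stray shell or BPF syntax out of the filter.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Filter for any packet to or from one host
# (same meaning as the 'src or dst <ip>' form in the reply above).
single_host_filter() {
    is_ipv4 "$1" || { echo "invalid address: $1" >&2; return 1; }
    printf 'host %s\n' "$1"
}

# Filter for packets exchanged between exactly two hosts,
# e.g. the sensor (assumed 192.168.0.10) and the one system of interest.
pair_filter() {
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "invalid address" >&2; return 1; }
    printf 'host %s and host %s\n' "$1" "$2"
}

# Usage (not executed here; needs snort and capture privileges):
#   snort -c snort.conf "$(pair_filter 192.168.0.10 192.168.0.1)"
# or keep the filter in a file and load it with Snort's -F option:
#   pair_filter 192.168.0.10 192.168.0.1 > host.bpf
#   snort -c snort.conf -F host.bpf
```

The expression can be checked before starting the sensor with `tcpdump -d '<expression>'`, which compiles it and prints an error if it does not parse.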


