Snort mailing list archives
Re: basic command
From: "Guillaume" <guillaume () anteria fr>
Date: Sat, 19 Jan 2002 16:32:25 +0100 (CET)
Dans son précédent message Warrick FitzGerald écrivait :
Can someone please explain how I would modify this command line statement so that it only logs TCP port 80 snort -dev -l /root/snortlog2 -h 10.10.52.100/32
Sure : ./snort -dev -l /root/snortlog2 src host 10.10.52.100 and tcp port 80 makes snort captures traffic from host 10.10.52.100 port 80 protocol tcp... Clear enough, right ? :-) You can put some quotes around the expression (clearer for human reader) : ./snort -dev -l /root/snortlog2 'src host 10.10.52.100 and tcp port 80' If you omit src you'll capture all traffic from and to host : ./snort -dev -l /root/snortlog2 host 10.10.52.100 and tcp port 80 To get traffic from/to an entire net, use net instead of host. Guillaume [ Sent with SquirrelMail - http://www.squirrelmail.org ] _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- basic command Warrick FitzGerald (Jan 18)
- Re: basic command John Sage (Jan 18)
- Re: basic command Warrick FitzGerald (Jan 19)
- Re: basic command John Sage (Jan 19)
- Re: basic command Warrick FitzGerald (Jan 19)
- Re: basic command Warrick FitzGerald (Jan 19)
- Re: basic command John Sage (Jan 18)
- Re: basic command Guillaume (Jan 19)