Snort mailing list archives
Re: Snort URL logging
From: Jens Krabbenhoeft <tschenz-snort-users () noris net>
Date: Tue, 14 Jan 2003 16:21:35 +0100
Hi,
But with urlsnarf i can't filter the source ip, and i really need that. It's impossible to do this with Snort?
Had a quick look into the man-page I found searching the web (http://www.groar.org/trad/dsniff/dsniff-2.3/english-txt/urlsnarf.8.txt): --- SNIP --- NAME urlsnarf - sniff HTTP requests in Common Log Format SYNOPSIS urlsnarf [-n] [-i interface] [[-v] pattern [expression]] (..) expression Specify a tcpdump(8) filter expression to select traffic to sniff. --- SNIP --- I guess 'expression' will suffice your needs. Have a look at the BPF section in the tcpdump(8) manpage. HTH, Jens ------------------------------------------------------- This SF.NET email is sponsored by: FREE SSL Guide from Thawte are you planning your Web Server Security? Click here to get a FREE Thawte SSL guide and find the answers to all your SSL security issues. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort URL logging ALMEIDA Antonio Jose (Jan 14)
- Re: Snort URL logging Jens Krabbenhoeft (Jan 14)
- <Possible follow-ups>
- RE: Snort URL logging ALMEIDA Antonio Jose (Jan 14)
- RE: Snort URL logging Erek Adams (Jan 14)
- Re: Snort URL logging Jens Krabbenhoeft (Jan 14)
- RE: Snort URL logging Rich Stryker (Jan 14)
- RE: Snort URL logging Erek Adams (Jan 14)
- RE: Snort URL logging L. Christopher Luther (Jan 14)
- RE: Snort URL logging ALMEIDA Antonio Jose (Jan 14)
- RE: Snort URL logging Rich Stryker (Jan 15)
- RE: Snort URL logging Erek Adams (Jan 15)