Snort mailing list archives

Re: Snort URL logging

From: Jens Krabbenhoeft <tschenz-snort-users () noris net>
Date: Tue, 14 Jan 2003 16:21:35 +0100

Hi,

But with urlsnarf i can't filter the source ip, and i really need that. It's
impossible to do this with Snort?


Had a quick look into the man-page I found searching the web
(http://www.groar.org/trad/dsniff/dsniff-2.3/english-txt/urlsnarf.8.txt):

--- SNIP ---
NAME
       urlsnarf - sniff HTTP requests in Common Log Format

SYNOPSIS
       urlsnarf [-n] [-i interface]  [[-v] pattern [expression]]
(..)
       expression
              Specify a tcpdump(8) filter  expression  to  select
              traffic to sniff.
--- SNIP ---

I guess 'expression' will suffice your needs. Have a look at the BPF
section in the tcpdump(8) manpage. 

HTH,
        Jens


-------------------------------------------------------
This SF.NET email is sponsored by: FREE  SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide and find the answers to all your  SSL security issues.
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort URL logging ALMEIDA Antonio Jose (Jan 14)
- Re: Snort URL logging Jens Krabbenhoeft (Jan 14)
- <Possible follow-ups>
- RE: Snort URL logging ALMEIDA Antonio Jose (Jan 14)
  - RE: Snort URL logging Erek Adams (Jan 14)
  - Re: Snort URL logging Jens Krabbenhoeft (Jan 14)
- RE: Snort URL logging Rich Stryker (Jan 14)
  - RE: Snort URL logging Erek Adams (Jan 14)
- RE: Snort URL logging L. Christopher Luther (Jan 14)
- RE: Snort URL logging ALMEIDA Antonio Jose (Jan 14)
- RE: Snort URL logging Rich Stryker (Jan 15)
  - RE: Snort URL logging Erek Adams (Jan 15)