Snort mailing list archives
Traffic Capture
From: Syed Hammad Tahir <mscs16059 () itu edu pk>
Date: Fri, 8 Dec 2017 14:20:02 +0500
Hi all,

I am new to Snort and need help. Is there any way (by writing rules) to capture all the network traffic? By default I am using alert tcp any any -> any any (msg: "alert") but it doesn't capture the whole traffic, i.e., the packets sent/transferred between other nodes (unicast). I am specifically interested in capturing the ARP request data. Any help will be appreciated.

Regards