Snort mailing list archives

Re: Specific Host Filter


From: Frank Knobbe <frank () knobbe us>
Date: Fri, 14 May 2004 10:55:16 -0500

On Fri, 2004-05-14 at 10:15, Todd.Lambdin wrote:
> Is there an easy way to implement a filter so that I can watch traffic
> between the sensor host and 1 other system only?  I do not want to
> capture all traffic to the sensor, only traffic from 1 specific host.

Is that not in the FAQ? Limit traffic using the BPF filter. For example:
  snort -c snort.conf -l /var/log host 1.2.3.4
That will only log/alert on packets from/to host 1.2.3.4.

Regards,
Frank
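
What the `host 1.2.3.4` expression in the reply above selects, as an added example that is not part of the original post: it models only the IPv4-over-Ethernet case, matching source or destination address, and compares it with the narrower `host A and host B` form. The sensor address 10.0.0.5, the third host 10.0.0.9 and all frames are constructed sample data, and the function names are hypothetical.

```python
import socket
import struct

ETH_HLEN = 14              # Ethernet II header length
ETHERTYPE_IPV4 = 0x0800

def build_frame(src_ip, dst_ip):
    """Constructed test input: Ethernet II + 20-byte IPv4 header, no payload."""
    eth = bytes(6) + bytes(6) + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip

def ipv4_endpoints(frame):
    """Return (src, dst) as dotted strings, or None if the frame is not IPv4."""
    if len(frame) < ETH_HLEN + 20:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        return None
    # Source address sits at byte 12 of the IPv4 header, destination at byte 16.
    src, dst = struct.unpack_from("!4s4s", frame, ETH_HLEN + 12)
    return socket.inet_ntoa(src), socket.inet_ntoa(dst)

def match_host(frame, ip):
    """Model of 'host <ip>': true when the source OR the destination is <ip>."""
    ends = ipv4_endpoints(frame)
    return ends is not None and ip in ends

def match_pair(frame, a, b):
    """Model of 'host <a> and host <b>': only traffic between the two systems."""
    return match_host(frame, a) and match_host(frame, b)

WATCHED, SENSOR, OTHER = "1.2.3.4", "10.0.0.5", "10.0.0.9"   # constructed
FRAMES = [
    build_frame(WATCHED, SENSOR),
    build_frame(SENSOR, WATCHED),
    build_frame(WATCHED, OTHER),   # seen by the sensor, not addressed to it
    build_frame(OTHER, SENSOR),
]

def selected(predicate):
    """Endpoints of every constructed frame the predicate lets through."""
    return [ipv4_endpoints(f) for f in FRAMES if predicate(f)]

if __name__ == "__main__":
    print("host 1.2.3.4:", selected(lambda f: match_host(f, WATCHED)))
    print("host 1.2.3.4 and host 10.0.0.5:",
          selected(lambda f: match_pair(f, WATCHED, SENSOR)))
```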
