Snort Q-2
IM trying to use a BPF filter to ignore all out bound http traffic. Ive checked the man and dont really understand the wording. Ive read this on the FAQ but failed there too.
FAQ
snort -d -A fast -c snort.conf not (src net xxx.xxx and dst port 80)
Could someone write a pseudo command so that I would only have to add my ip to it. Thank you.
|