Single IP address

To monitor a single IP or computer insert the IP address range and the subnet of the network or host into snort.conf. To do this, replace the existing var HOME_NET configuration line with this form:

var HOME_NET IPAddressRange/Subnet

The IPAddressRange/Subnet notation may not be something you're familiar with; it's not normally used to configure a network interface on Windows systems. This particular type of IP address notation is called CIDR notation, and we give you the run-down on it in Chapter 1, in the sidebar "Understanding CIDR notation."

The following examples monitor a Class C network with an IP address range of - and a subnet of

i This line monitors the entire Class C network:

var HOME_NET ^ This line monitors a single host on the Class C network:


Was this article helpful?

0 0

Post a comment