Single IP address

To monitor a single IP address or computer, insert the IP address range and the subnet of the network or host into snort.conf. To do this, replace the existing var HOME_NET configuration line with this form:

var HOME_NET IPAddressRange/Subnet

The IPAddressRange/Subnet notation may not be something you're familiar with; it's not normally used to configure a network interface on Windows systems. This particular type of IP address notation is called CIDR notation, and we give you the run-down on it in Chapter 1, in the sidebar "Understanding CIDR notation."

The following examples monitor a Class C network with an IP address range of 192.168.10.0 - 192.168.10.255 and a subnet of 255.255.255.0:

This line monitors the entire Class C network:

var HOME_NET 192.168.10.0/24

This line monitors a single host on the Class C network:

var HOME_NET 192.168.10.2/32
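
To check what a var HOME_NET line actually covers before you restart Snort, the following added example (not code from the book or from the Snort project) expands each CIDR value into its subnet mask and address range using Python's standard ipaddress module. The function name describe_home_net and the sample configuration text are assumptions made for the illustration; it handles only the single address/prefix form shown above.

```python
import ipaddress
import re

# Matches the "var HOME_NET <value>" form shown above; lines starting with # never match.
HOME_NET_RE = re.compile(r"^[ \t]*var[ \t]+HOME_NET[ \t]+(\S+)", re.MULTILINE)

# Constructed sample text, not a real snort.conf.
SAMPLE_CONF = """\
# var HOME_NET 10.0.0.0/8
var HOME_NET 192.168.10.0/24
var HOME_NET 192.168.10.2/32
var HOME_NET 192.168.10.2/24
"""


def describe_home_net(conf_text):
    """Return one dict per 'var HOME_NET' line found in the configuration text."""
    results = []
    for value in HOME_NET_RE.findall(conf_text):
        try:
            iface = ipaddress.ip_interface(value)
        except ValueError:
            # Anything that is not a single address/prefix is reported, not guessed at.
            results.append({"value": value, "error": "not a single address/prefix"})
            continue
        net = iface.network
        results.append({
            "value": value,
            "netmask": str(net.netmask),      # dotted subnet mask for the prefix
            "first": str(net[0]),             # first address in the range
            "last": str(net[-1]),             # last address in the range
            "addresses": net.num_addresses,
            # True when a host address was written with a network-sized prefix,
            # e.g. 192.168.10.2/24: the prefix denotes the whole /24, not one host.
            "host_bits_set": iface.ip != net.network_address,
        })
    return results


if __name__ == "__main__":
    for entry in describe_home_net(SAMPLE_CONF):
        print(entry)
```

The third sample line is the one to watch for: a host address paired with /24 denotes all 256 addresses of the network, so a single host needs /32.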
