To monitor a single IP or computer, insert the IP address range and the subnet of the network or host into snort.conf. To do this, replace the existing var HOME_NET configuration line with this form:
var HOME_NET IPAddressRange/Subnet
The IPAddressRange/Subnet notation may not be something you're familiar with; it's not normally used to configure a network interface on Windows systems. This particular type of IP address notation is called CIDR notation, and we give you the run-down on it in Chapter 1, in the sidebar "Understanding CIDR notation."
The following examples monitor a Class C network with an IP address range of 192.168.10.0 - 192.168.10.255 and a subnet of 255.255.255.0:
This line monitors the entire Class C network:
var HOME_NET 192.168.10.0/24
This line monitors a single host on the Class C network:
var HOME_NET 192.168.10.2/32
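A quick way to confirm what a HOME_NET line actually covers before restarting Snort, as an added example that is not part of the original text. It goes slightly beyond the two lines above: it also accepts the ipvar keyword, the value any, and a bracketed comma-separated list. The function names and the sample configuration are constructed for illustration.

```python
import ipaddress
import re

# "ipvar" is accepted too: newer Snort 2.9 configs use it for address variables.
HOME_NET_RE = re.compile(r"^\s*(?:var|ipvar)\s+HOME_NET\s+(\S+)\s*$")

def find_home_net(conf_text):
    """Return the value of the last uncommented HOME_NET line, or None."""
    value = None
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]  # drop comments
        m = HOME_NET_RE.match(line)
        if m:
            value = m.group(1)
    return value

def describe_cidr(cidr):
    """Expand one CIDR block into the address range it covers."""
    iface = ipaddress.ip_interface(cidr)  # raises ValueError on bad syntax
    net = iface.network
    return {
        "cidr": cidr,
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "addresses": net.num_addresses,
        # Host bits set with a short prefix (e.g. 192.168.10.2/24) usually
        # means /32 was intended; the line still covers the whole network.
        "host_bits_set": iface.ip != net.network_address,
    }

def check_home_net(conf_text):
    value = find_home_net(conf_text)
    if value is None:
        raise ValueError("no HOME_NET line found")
    if value == "any":
        return []  # "any" matches every address; nothing to expand
    blocks = value.strip("[]").split(",")
    return [describe_cidr(b) for b in blocks]

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_CONF = """\
# var HOME_NET any
var HOME_NET 192.168.10.2/24
var EXTERNAL_NET any
"""

if __name__ == "__main__":
    for block in check_home_net(SAMPLE_CONF):
        print(block)
```

On the sample, host_bits_set comes back true with 256 addresses, which flags a line written as a single host but monitoring the entire Class C network.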