How to capture only traffic to and from a subnet?

  • Question
  • Updated 5 years ago
  • Answered
Our network segment that we are connected to has traffic associated with one subnet. I want to set up a BPF filter on the sensor so that only traffic associated with the 10.10.0.0/16 subnet is processed. Can we do this, and what is the syntax that should be used?

IT-help

Posted 5 years ago

Darragh Delaney, Employee

If you want to filter traffic at a sensor level, you should use the following syntax in the sensor settings page:

net 10.10.0.0/255.255.0.0

Just be sure to set it for traffic monitoring and IDS.

stan

From what I can see, this syntax net 10.10.10.0/255.255.255.0 does not work.

This problem can be remedied with the filter:
net 10.10.10.0/24
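
Added example (not part of the original thread): a small Python helper that converts a subnet written with a dotted mask, as in the first reply, into the prefix-length form the second reply reports working, and previews which flows a bare `net` filter would keep. It assumes standard libpcap semantics, where `net` matches on source or destination; the function names and sample flows are constructed for illustration.

```python
import ipaddress

# Constructed sample flows (source, destination) for illustration only.
SAMPLE_FLOWS = [
    ("10.10.4.20", "192.0.2.10"),     # source inside 10.10.0.0/16
    ("198.51.100.7", "10.10.200.1"),  # destination inside 10.10.0.0/16
    ("10.11.0.5", "192.0.2.10"),      # neither end inside
    ("172.16.1.1", "172.16.1.2"),     # neither end inside
]

def parse_subnet(spec):
    """Parse 'addr/len' or 'addr/dotted-mask' into an IPv4Network.

    strict=True raises ValueError when host bits are set (10.10.10.5/24)
    or the mask is not contiguous (10.10.0.0/255.0.255.0).
    """
    return ipaddress.IPv4Network(spec.strip(), strict=True)

def to_net_filter(spec):
    """Return the filter in prefix-length form, e.g. 'net 10.10.0.0/16'."""
    net = parse_subnet(spec)
    return f"net {net.network_address}/{net.prefixlen}"

def kept_flows(spec, flows):
    """Flows a bare 'net' filter keeps: source OR destination in the subnet
    (assumes libpcap semantics for an unqualified 'net')."""
    net = parse_subnet(spec)
    return [(s, d) for s, d in flows
            if ipaddress.ip_address(s) in net or ipaddress.ip_address(d) in net]

if __name__ == "__main__":
    for spec in ("10.10.0.0/255.255.0.0", "10.10.10.0/255.255.255.0"):
        print(spec, "->", to_net_filter(spec))
    for flow in kept_flows("10.10.0.0/16", SAMPLE_FLOWS):
        print("kept:", flow)
```

Running the check before saving a sensor filter catches a subnet with host bits set or a malformed mask, either of which would otherwise leave the sensor capturing the wrong traffic or none.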