Snort: How to Determine Which IP to put in Pass List?



  • There is an app on my phone that doesn't work in the pfSense/Snort network, but works on CellData and friends' networks.
    I'm thinking it must be Snort blocking the source IP, but there are many.
    How can I determine which IP this app is trying to access so that I can add it to the Pass List?
    I can't find anything in the Snort Service that gives me current data - everything seems to be hours old (Alert lists, block lists, etc)
    If I unblock everything, then Snort will just block that source again next time I use the app. So I need to know the source IP and the rule its using (maybe the rule is unnecessary…)
    Thank you for your help.


Log in to reply