Snort: How to Determine Which IP to put in Pass List?
There is an app on my phone that doesn't work in the pfSense/Snort network, but works on CellData and friends' networks.
I'm thinking it must be Snort blocking the source IP, but there are many.
How can I determine which IP this app is trying to access so that I can add it to the Pass List?
I can't find anything in the Snort Service that gives me current data - everything seems to be hours old (Alert lists, block lists, etc.).
If I unblock everything, then Snort will just block that source again next time I use the app. So I need to know the source IP and the rule it's using (maybe the rule is unnecessary…)
Thank you for your help.