Snort mailing list archives
TCP reassembly question
From: cha test <c () mickeyfan com>
Date: Fri, 20 Jul 2001 17:19:18 -0700 (PDT)
Hello! I've saved (in tcpdump format) quite a few code red worms. Using Ethereal's tcp reassembly tool, I've dumped three of them to files. It was interesting to see that there were differences between the worms. Now, I'd like to use the tcp reassembly features of snort to dump all of the worms to separate files for comparison. Can anyone suggest a way to do that with snort? Thanks! _____________________________________________________________ Get your own free Mickeyfan.com email address!! DisneySites!! - http://www.disneysites.com/webmail/mickeyfan _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- TCP reassembly question cha test (Jul 20)