Snort mailing list archives

Re: Monitor traffic from a specific domain?

From: Jim Starke <jstarke () ptd net>
Date: Tue, 24 Jul 2001 21:44:34 -0400

Dang, I forgot one little thing, here's the command lines again. [:-(]  Thats what I get for being in a hurry I guess. 
My fault.

tcpdump -s 1518 -n -p -i eth1 'src or dst net 192.168.1.0/24' -w packet.log


The -s 1518 is how much data you want to capture of each packet. If you don't put that in, it will only capture 68 
bytes.

windump -s 1518 -n -p -i eth1 'src or dst net 192.168.1.0/24' -w packet.log

I tested the options on my other computer here with windump and the command line appeared to work ok for it too.

Jim


--
Quidquid latine dictum sit, altum viditur.
http://www.jcsmall.com/homepage


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Monitor traffic from a specific domain? Sheahan, Paul (PCLN-NW) (Jul 24)
- Re: Monitor traffic from a specific domain? Larry E. Smith Jr. (Jul 24)
- Re: Monitor traffic from a specific domain? Robert van der Meulen (Jul 24)
- Re: Monitor traffic from a specific domain? Jim Starke (Jul 24)