Re: configure snort to drop payloads

[Lyle Sudin <lylesudin () yahoo com>]

Hi Erek,

-P 64 prints the headers into the ASCII snort
directory hiarchy of ip addresses.  I need to be able
to print the packet headers (and only packet headers)
to a single file.  Preferably in the binary tcpdump
format.  


Trying -P 64 with -b, seems to be the same as -b.

Thanks,
Lyle


--- Erek Adams <erek () theadamsfamily net> wrote:
> On Tue, 2 Apr 2002, Lyle Sudin wrote:
>
> > Is there an easy way to run snort in packet
> sniffing
> > mode which will be able to keep up with a 100MB
> > connection, log in tcpdump format, and only log
> the
> > packet headers?
>
> Yep.
>
> > The -b switch seems to keep up with the traffic
> and
> > not drop packets but includes the payload in
> addition
> > to the headers.  I need to do all the parsing
> before
> > writing to disk (both privacy and disk space
> concerns)
> > so I am looking for either a switch I am missing
> or
> > code to edit.
>
> No editing needed.  Check out the "-P" option.  If
> you just want headers, in
> the same style as TCPdump, then use "-P 64".
>
> Cheers!
>
> -----
> Erek Adams
> Nifty-Type-Guy
> TheAdamsFamily.Net


__________________________________________________
Do You Yahoo!?
Yahoo! Tax Center - online filing with TurboTax
http://taxes.yahoo.com/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users