Snort mailing list archives
RE: Snort outputing like tcpdump
From: "Gonzalez, Albert" <albert.gonzalez () eds com>
Date: Fri, 17 Jan 2003 08:49:27 -0500
check out output tcpdump in your conf file or -b on the command line Cheers! -----Original Message----- From: Christopher Lyon [mailto:cslyon () netsvcs com] Sent: Thursday, January 16, 2003 6:36 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Snort outputing like tcpdump Can I have Snort output all packets that it sees to sql is the same format that tcpdump uses? Something like this: 1.631114 192.168.254.14 -> 192.168.252.10 TCP 17971 > 4891 [PSH, ACK] Seq=1969621700 Ack=148993671 Win=13152 Len=84 1.636715 192.168.254.10 -> 65.118.203.125 SNMP GET 1.636889 192.168.252.10 -> 192.168.254.14 TCP 4891 > 17971 [PSH, ACK] Seq=148993671 Ack=1969619212 Win=64400 Len=44 1.638593 192.168.254.14 -> 192.168.252.10 TCP 17971 > 4891 [PSH, ACK] Seq=1969621784 Ack=148993715 Win=13152 Len=236 I don't care about the payload just the raw stats. Any idea? ------------------------------------------------------- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.NET email is sponsored by: Thawte.com Understand how to protect your customers personal information by implementing SSL on your Apache Web Server. Click here to get our FREE Thawte Apache Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort outputing like tcpdump Christopher Lyon (Jan 16)
- Re: Snort outputing like tcpdump Erek Adams (Jan 17)
- <Possible follow-ups>
- RE: Snort outputing like tcpdump Gonzalez, Albert (Jan 17)
- RE: Snort outputing like tcpdump Christopher Lyon (Jan 17)
- RE: Snort outputing like tcpdump Erek Adams (Jan 17)
- IM Logging - How to? Angel Gabriel (Jan 17)
- RE: IM Logging - How to? Kevin Pietersma (Jan 17)