Snort mailing list archives
Capturing only specific data
From: quantum () texas net
Date: Wed, 9 Apr 2003 10:50:08 US/Central
I am interested in capturing a specific session based on a signature match. I have the local rules set up to watch for specific events and I have stream4 enabled. When I do this it only captures the first segment of session which has the signature matching data in it. What I want to do is capture the entire entire session, i.e. entire sequence of packets associated with a specifc transaction. Any help is appreciated. q ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Capturing only specific data quantum (Apr 09)