Snort mailing list archives
Re: how to convert payload data from MySQL data table to tcpdump formated data?
From: Sam Wun <sam.wun () thales-is com>
Date: Thu, 23 Oct 2003 12:46:01 +0800
The problem is there are no binary files being locked in the /var/log/snort directory. There is only an alert file there. All data including payload data is stored in the MySQL table. If there were payload data in the /var/log/snort/ subdirectories, I wouldn't need to extract payload data from the MySQL table and convert it back to tcpdump formatted data for analysis.

Erek Adams wrote:

> On Wed, 22 Oct 2003, samwun wrote:
>
> > I got the following snort data installed in the Data table in MySQL:
> >
> > | 1 | 2082 | 485454502F312E312034303320466F7262696464656E0D0A446174653A205765642C2032 32204F637420323030332031333A35363A333420474D540D0A5365727665723A20417061 6368652F322E302E3430202852656420486174204C696E7578290D0A4163636570742D52 616E6765733A2062797465730D0A436F6E74656E742D4C656E6774683A20323839380D0A 436F6E6E656374696F6E3A20636C6F73650D0A436F6E74656E742D547970653A20746578 742F68746D6C3B20636861727365743D49534F2D383835392D310D0A0D0A |
> >
> > How can I convert the above data_payload to a tcpdump formatted file like the output of the following tcpdump command: tcpdump -vv -X, which should include hex data on the left and text on the right?
>
> If you just want to read the data, just re-run Snort over your binary file -- no need to deal with the MySQL data.
>
>     snort -dvr <pcap_file>
>
> If you have to use tcpdump, change the snaplen.
Thanks
Sam
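As an added example (not code from this thread or from the Snort project): a small Python script that decodes the data_payload hex quoted above into bytes, prints it in the hex-left/ASCII-right layout of `tcpdump -X`, and splits out the HTTP status line and headers for triage. The sample row is the one from the quoted question; the function names are my own.

```python
# Added example: decode Snort's hex data_payload column into tcpdump -X
# style hex/ASCII lines and pick the HTTP message head apart for triage.
from typing import Dict, List, Tuple

# The data_payload cell quoted in the thread (mail wrapping inserted the
# spaces; they are stripped before decoding).
DATA_PAYLOAD = (
    "485454502F312E312034303320466F7262696464656E0D0A446174653A205765642C2032 "
    "32204F637420323030332031333A35363A333420474D540D0A5365727665723A20417061 "
    "6368652F322E302E3430202852656420486174204C696E7578290D0A4163636570742D52 "
    "616E6765733A2062797465730D0A436F6E74656E742D4C656E6774683A20323839380D0A "
    "436F6E6E656374696F6E3A20636C6F73650D0A436F6E74656E742D547970653A20746578 "
    "742F68746D6C3B20636861727365743D49534F2D383835392D310D0A0D0A"
)

def decode_payload_column(cell: str) -> bytes:
    """Hex text from the data_payload column -> raw packet payload bytes."""
    cleaned = "".join(cell.split())
    if len(cleaned) % 2:
        raise ValueError("odd hex digit count: payload column truncated?")
    return bytes.fromhex(cleaned)

def hexdump_lines(data: bytes, base: int = 0) -> List[str]:
    """Format like `tcpdump -X`: offset, eight 2-byte hex groups, ASCII.
    As in tcpdump, only graphic chars are shown; space/control become '.'."""
    lines = []
    for off in range(0, len(data), 16):
        chunk = data[off:off + 16]
        hx = chunk.hex()
        groups = " ".join(hx[i:i + 4] for i in range(0, len(hx), 4))
        text = "".join(chr(b) if 0x21 <= b <= 0x7E else "." for b in chunk)
        lines.append(f"0x{base + off:04x}:  {groups:<39}  {text}")
    return lines

def http_head(data: bytes) -> Tuple[str, Dict[str, str]]:
    """Status line and headers of an HTTP message (empty dict if no headers)."""
    head = data.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status, *rest = head.split("\r\n")
    headers = {k.strip(): v.strip()
               for k, v in (h.split(":", 1) for h in rest if ":" in h)}
    return status, headers

if __name__ == "__main__":
    payload = decode_payload_column(DATA_PAYLOAD)
    print("\n".join(hexdump_lines(payload)))
    print(http_head(payload))
```

Feeding it the column from a `SELECT data_payload FROM data WHERE sid=... AND cid=...` query reproduces the view `tcpdump -X` would give, without needing a pcap on disk.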