Snort mailing list archives
Re: size of data
From: Martin Roesch <roesch () sourcefire com>
Date: Wed, 23 Feb 2005 12:11:09 -0500
When you configure the stream4 preprocessor you can include a "keepstats" directive in the config line to generate a summary file with flow statistics. Then all you need to do is use a BPF filter at the command line to get summaries of TCP traffic between those two machines.
For example:
(snort.conf)
preprocessor stream4: keepstats
then
snort -c snort.conf host w.x.y.z and host a.b.c.d
-Marty
On Feb 22, 2005, at 10:26 AM, hind lebbar wrote:
hi all,i'm new user of snort, i want to have an idea about the size of data which circulate between two machines, i only have datagramme length, ip length.so if there is some one who can help me to have the exect size, thank you.hind _________________________________________________________________MSN Messenger : discutez en direct avec vos amis ! http://www.msn.fr/msger/default.asp------------------------------------------------------- SF email is sponsored by - The IT Product GuideRead honest & candid reviews on hundreds of IT Products from real users.Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616 Sourcefire - Discover. Determine. Defend. roesch () sourcefire com - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- size of data hind lebbar (Feb 22)
- Re: size of data Martin Roesch (Feb 23)