Snort mailing list archives

Previous By Date Next
Previous By Thread Next

SNORT Alert Messages

From: İzzettin Erdem via Snort-devel <snort-devel () lists snort org>
Date: Sun, 10 Jun 2018 02:41:08 +0300
Hello again everyone,

I want to learn which alert belongs to which packet when SNORT prints alert
messages. Is there any unique parameter that identifies packets?

For example, when I give a pcap file which includes more than 50.000
packets inside to SNORT, I want to see alert messages like that:

[some alert] - Packet ID: 125
[some alert] - Packet ID: 200
[some alert] - Packet ID: 1456
.
.
.
[some alert] - Packet ID: 23500


If there not exist unique parameter for packets, how can I learn which
alert belongs to which packet from alert messages ?

Thanks.

_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: