[Snort-devel] snort-1.9.0b6 and barnyard discrepancies

Steve Halligan giermo at ...269...
Fri Aug 23 06:48:09 EDT 2002

Dragos released a tool that converts a unified log/alert file directly into
a tcpdump/pcap capture.
Try running it on the unified file and see if it is the culprit, or if
Barnyard is somehow mangling it.

>On Thu, Aug 22, 2002 at 06:02:59PM -0300, Andreas Hasenack wrote:
>> Actually, I just tried barnyard's ascii output and it's also 
>> from the tcpdump one, so it's not specific to sql output. 
>Probably the
>> unified file was generated with it.
>Ok, here is what I have:
>tcpdump file
>unified file
>Both files representing the same capture.
>Reading the tcpdump file with tcpdump itself doesn't show any 
>Processing the unified file with barnyard gives different results:
>- using output log_dump: ascii-barnyard-output.txt I get the txt file with the anomalies
>- using output log_pcap: tcpdump-barnyard-output.pcap generates a clean file, with no anomalies
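To act on the suggestion above (check whether a unified-to-pcap conversion, or barnyard's log_pcap output, really matches the original tcpdump file), here is an added example that is not part of this thread or of snort/barnyard: a small classic-pcap reader that walks both captures record by record and reports count, timestamp, length and payload mismatches. The sample captures are constructed inline; file names and the "converted" capture are assumptions for illustration.

```python
import struct

def parse_pcap(data):
    """Parse a classic pcap byte string into (ts_sec, ts_usec, caplen, origlen, bytes) tuples."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == 0xa1b2c3d4:
        endian = "<"
    elif magic == 0xd4c3b2a1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file: magic %#x" % magic)
    pkts = []
    off = 24  # global header: magic, version, thiszone, sigfigs, snaplen, linktype
    while off + 16 <= len(data):
        ts_sec, ts_usec, caplen, origlen = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        pkt = data[off:off + caplen]
        if len(pkt) != caplen:
            raise ValueError("truncated record at offset %d" % off)
        off += caplen
        pkts.append((ts_sec, ts_usec, caplen, origlen, pkt))
    return pkts

def compare_pcaps(a, b):
    """Return human-readable differences between two captures (empty list if identical)."""
    pa, pb = parse_pcap(a), parse_pcap(b)
    diffs = []
    if len(pa) != len(pb):
        diffs.append("packet count: %d vs %d" % (len(pa), len(pb)))
    for i, (x, y) in enumerate(zip(pa, pb)):
        if x[:2] != y[:2]:
            diffs.append("packet %d: timestamp %d.%06d vs %d.%06d" % ((i,) + x[:2] + y[:2]))
        if x[2:4] != y[2:4]:
            diffs.append("packet %d: caplen/origlen %s vs %s" % (i, x[2:4], y[2:4]))
        elif x[4] != y[4]:
            diffs.append("packet %d: packet bytes differ" % i)
    return diffs

def make_pcap(packets, snaplen=1514, linktype=1):
    """Build a constructed little-endian pcap from (ts_sec, ts_usec, frame_bytes) tuples."""
    out = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, snaplen, linktype)
    for ts_sec, ts_usec, frame in packets:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out

# Constructed sample data: two Ethernet frames; the "converted" capture differs by one byte.
FRAME_A = b"\x00" * 14 + b"\x45" + b"\x00" * 19
FRAME_B = b"\x00" * 14 + b"\x45" + b"\x00" * 18 + b"\x01"
ORIGINAL = make_pcap([(1030000000, 1, FRAME_A), (1030000000, 2, FRAME_A)])
CONVERTED = make_pcap([(1030000000, 1, FRAME_A), (1030000000, 2, FRAME_B)])
```

On real files, read both with `open(path, "rb").read()` and pass them to `compare_pcaps`; an empty result means barnyard's pcap matches the original, so the discrepancy lies elsewhere.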
