[Snort-devel] Extracting packet headers from existing tcpdump/snort binary files
Lou.Carosielli at ...1099...
Fri Jan 25 11:26:06 EST 2002
Good day Mr Roesch,
I have been trying to extract packet headers in binary tcpdump format
from existing tcpdump/snort binary files that contain whole packets and
have noticed that the -P snaplength switch does not function when using
the -r switch to read a binary tcpdump file. Are there any suggestions
on how I can reduce the size of an existing tcpdump file by creating a
binary file containing only the packet headers?
I am running snort 1.8p1 on an x86 machine with Linux 2.4.2-2 (Red Hat
The original tcpdump binary files were captured by using:
snort -A none -b -c rules_file -q -D -l log_directory1
(where rules_file is basically only collecting TCP, UDP, and
I tried to capture only the packet headers of the existing tcpdump binary
files by using:
snort -A none -b -c rules_file -q -P 68 -l log_directory2 -r
It appears that the -P 68 switch was ignored as an identical copy of the
existing snort file was created vice one containing only the packet
Any assistance in this matter would be greatly appreciated.