[Snort-devel] Problems with finding original data packets?

ANDREW TING ZHOU azhou at ...2084...
Fri Jul 18 05:39:03 EDT 2003


I'm trying to read original data packets in terms of the source/target IP
in the alert file. Original data packets are not always kept in the same
place, sometimes in source directories and sometimes in target directories.

Is there a way that I can find original data packets from the alert file?
What is the naming convention for files in source/target directories?

Thanks!

Andrew





