[Snort-devel] SNORT Alert Messages
root.mch at gmail.com
Sat Jun 9 19:41:08 EDT 2018
Hello again everyone,
I want to learn which alert belongs to which packet when SNORT prints alert
messages. Is there any unique parameter that identifies packets?
For example, when I give SNORT a pcap file which includes more than 50.000
packets, I want to see alert messages like this:
[some alert] - Packet ID: 125
[some alert] - Packet ID: 200
[some alert] - Packet ID: 1456
[some alert] - Packet ID: 23500
If there is no unique parameter for packets, how can I learn which
alert belongs to which packet from the alert messages?