[Snort-sigs] Output Offending packet on Alarm

undercoffer undercoffer at ...518...
Sun Apr 14 18:16:21 EDT 2002

In addition to an alarm I would like to write the offending packet(s) from a
tcpdump file to a separate file.

Can I do this via the SNORT rules or do I need to make some programmatic
modification.  If it is a rule, can anyone offer me an example, if
programmatically can anyone offer me some advice?

Thanks in Advance.

More information about the Snort-sigs mailing list