[Snort-sigs] Is it possible to Log Headers not Data?

Stuart Jenkins stuart_jenkins at ...12...
Sat Aug 16 01:56:03 EDT 2003

I am looking at using Snort to log packet sizes based on traffic between 
Home IP's and Internet, i.e. Log the packet sizes of all packets to a web 
server (for Internet traffic).

I could log all the packets, and then parse the logs to get Dsize/DgmLen 
(which then I could total up) but I am going to get all the data as well, 
(which at this point I don't want to store - however temprariliy)

I have looked at the rules, and there is the ability to log packets etc, but 
they all seem to log the data and its the headers, whilst I only want the 
headers, specifically dgmLen only if possible.

Whilst Snort is not designed for totalling up bandwidth usage stats, the 
above idea would allow me to do just that (if any one knows of a better way 
of doing it that would be gratefully recieved)

Any rules/ideas/comments appreciated


Add photos to your messages with MSN 8. Get 2 months FREE*.  

More information about the Snort-sigs mailing list